{"id":"AZL-74819","summary":"CVE-2025-15281 affecting package glibc for versions less than 2.38-18","details":"Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.","modified":"2026-04-21T04:38:47.643622Z","published":"2026-01-20T14:16:07Z","upstream":["CVE-2025-15281"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15281"}],"affected":[{"package":{"name":"glibc","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/glibc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.38-18"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74819.json"}}],"schema_version":"1.7.5"}