{"id":"CVE-2025-8058","details":"The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.","modified":"2026-04-16T04:33:21.439535853Z","published":"2025-07-23T20:15:27.747Z","related":["ALSA-2025:12980","ALSA-2025:13240","CGA-7gvr-2j94-hq34","SUSE-SU-2025:02964-1","SUSE-SU-2026:0680-1","SUSE-SU-2026:0896-1","SUSE-SU-2026:20527-1","SUSE-SU-2026:20536-1","openSUSE-SU-2025:15459-1"],"references":[{"type":"WEB","url":"https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/07/23/1"},{"type":"REPORT","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=33185"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8058.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}