In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCanonical Ubuntu
OSCanonical16.0418.0419.10Gnu Glibc
APPGnu≤ 2.29Mcafee Web Gateway
APPMcafee7.7.2.0 – 7.7.2.21 (bez)7.8.2.0 – 7.8.2.8 (bez)8.0.0 – 8.1.1 (bez)Netapp Cloud Backup
APPNetappwszystkie wersjeNetapp Ontap Select Deploy Administration Utility
APPNetappwszystkie wersjeNetapp Steelstore Cloud Integrated Storage
APPNetappwszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2022-0543CRITICAL10.0⚠ KEVten sam produkt
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...
CVE-2021-42013CRITICAL9.8⚠ KEVten sam produkt
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...
CVE-2021-41773CRITICAL9.8⚠ KEVten sam produkt
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a ...
CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...