CVE-2025-13601

high
Published 2026-01-21 · Modified 2026-01-22
CVSS v3
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4 NEW
not yet in upstream
VIR risk
7.7

Description

RHSA-2026:0991: glib2 security update (Moderate)

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · Open-Errata-API


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Description

glib: Integer overflow in g_escape_uri_string()

Red Hat statement

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVSS v3: 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Errata / fixed releases

| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | glib2-0:2.80.4-10.el10_1.12 | RHSA-2026:0975 | 2026-01-22T00:00:00Z |
| Red Hat Enterprise Linux 10 | mingw-glib2-0:2.87.0-1.el10 | RHSA-2026:18344 | 2026-05-19T00:00:00Z |
| Red Hat Enterprise Linux 10.0 Extended Update Support | glib2-0:2.80.4-4.el10_0.8 | RHSA-2026:1327 | 2026-01-27T00:00:00Z |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | glib2-0:2.56.1-11.el7_9 | RHSA-2026:1608 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8 | glib2-0:2.56.4-168.el8_10 | RHSA-2026:0991 | 2026-01-22T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | glib2-0:2.56.4-8.el8_2.4 | RHSA-2026:1627 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | glib2-0:2.56.4-10.el8_4.4 | RHSA-2026:1626 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | glib2-0:2.56.4-10.el8_4.4 | RHSA-2026:1626 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | glib2-0:2.56.4-158.el8_6.4 | RHSA-2026:1624 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | glib2-0:2.56.4-158.el8_6.4 | RHSA-2026:1624 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | glib2-0:2.56.4-158.el8_6.4 | RHSA-2026:1624 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | glib2-0:2.56.4-164.el8_8 | RHSA-2026:1625 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | glib2-0:2.56.4-164.el8_8 | RHSA-2026:1625 | 2026-02-02T00:00:00Z |
| Red Hat Enterprise Linux 9 | glib2-0:2.68.4-18.el9_7.1 | RHSA-2026:0936 | 2026-01-21T00:00:00Z |
| Red Hat Enterprise Linux 9 | mingw-glib2-0:2.78.6-3.el9 | RHSA-2026:18705 | 2026-05-19T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | glib2-0:2.68.4-5.el9_0.4 | RHSA-2026:1323 | 2026-01-27T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | glib2-0:2.68.4-7.el9_2.4 | RHSA-2026:1324 | 2026-01-27T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | glib2-0:2.68.4-14.el9_4.5 | RHSA-2026:1326 | 2026-01-27T00:00:00Z |
| Red Hat Enterprise Linux 9.6 Extended Update Support | glib2-0:2.68.4-16.el9_6.4 | RHSA-2026:1465 | 2026-01-28T00:00:00Z |
| Red Hat OpenShift Container Platform 4.12 | rhcos-412.86.202602021310-0 | RHSA-2026:2064 | 2026-02-13T00:00:00Z |
| Red Hat OpenShift Container Platform 4.13 | rhcos-413.92.202602240113-0 | RHSA-2026:3415 | 2026-03-05T00:00:00Z |
| Red Hat OpenShift Container Platform 4.14 | rhcos-414.92.202602171627-0 | RHSA-2026:2974 | 2026-02-26T00:00:00Z |
| Red Hat OpenShift Container Platform 4.15 | rhcos-415.92.202603101737-0 | RHSA-2026:4419 | 2026-03-19T00:00:00Z |
| Red Hat OpenShift Container Platform 4.16 | rhcos-416.94.202602101357-0 | RHSA-2026:2659 | 2026-02-18T00:00:00Z |
| Red Hat OpenShift Container Platform 4.17 | rhcos-417.94.202602090846-0 | RHSA-2026:2671 | 2026-02-18T00:00:00Z |
| Red Hat OpenShift Container Platform 4.18 | rhcos-418.94.202602022246-0 | RHSA-2026:2072 | 2026-02-11T00:00:00Z |
| Red Hat OpenShift Container Platform 4.19 | rhcos-4.19.9.6.202602112047-0 | RHSA-2026:2633 | 2026-02-18T00:00:00Z |
| Red Hat Ceph Storage 8 | rhceph/rhceph-8-rhel9:1769512383 | RHSA-2026:1652 | 2026-02-02T00:00:00Z |
| Red Hat Discovery 2 | discovery/discovery-server-rhel9:1769104765 | RHSA-2026:1736 | 2026-02-02T00:00:00Z |
| Red Hat Discovery 2 | discovery/discovery-ui-rhel9:1769111774 | RHSA-2026:1736 | 2026-02-02T00:00:00Z |
| Red Hat Hardened Images | glib2-main-2.88.0-1.1.hum1 | RHSA-2026:7461 | 2026-04-10T00:00:00Z |
| Red Hat Insights proxy 1.5 | insights-proxy/insights-proxy-container-rhel9:1770740405 | RHSA-2026:2485 | 2026-02-10T00:00:00Z |
| Red Hat Update Infrastructure 5 | rhui5/cds-rhel9:1770808689 | RHSA-2026:2563 | 2026-02-11T00:00:00Z |
| Red Hat Update Infrastructure 5 | rhui5/haproxy-rhel9:1770807477 | RHSA-2026:2563 | 2026-02-11T00:00:00Z |
| Red Hat Update Infrastructure 5 | rhui5/installer-rhel9:1770646925 | RHSA-2026:2563 | 2026-02-11T00:00:00Z |
| Red Hat Update Infrastructure 5 | rhui5/rhua-rhel9:1770808765 | RHSA-2026:2563 | 2026-02-11T00:00:00Z |

Package state

| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | glib2 | Out of support scope |
| Red Hat Enterprise Linux 8 | mingw-glib2 | Will not fix |

Apply commands

Apply RHSA-2026:0975 for Red Hat Enterprise Linux 10:

```bash
yum update -y glib2
# or:
dnf upgrade -y glib2
```

OS impact

| OS | Version | Status | Fixed in |
|---|---|---|---|
| rockylinux rocky | 8 | fixed | |
| redhat rhel | 9 | fixed | |
| debian debian | bookworm | fixed | 2.74.6-2+deb12u8 |
| debian debian | bullseye | fixed | 2.66.8-1+deb11u7 |
| debian debian | forky | fixed | 2.86.3-1 |
| debian debian | sid | fixed | 2.86.3-1 |
| debian debian | trixie | fixed | 2.84.4-3~deb13u2 |
| suse sles | | affected | |
| rockylinux rocky | 9 | fixed | |
| redhat rhel | 9.0 | affected | |
| redhat rhel | 10.0 | affected | |
| redhat rhel | 8.0 | affected | |
| redhat rhel | 9.2 | affected | |
| redhat rhel | 9.4 | affected | |
| redhat rhel | 9.6 | affected | |
| almalinux almalinux | 9 | fixed | glib2-tests-2.68.4-18.el9_7.1.aarch64.rpm |
| almalinux almalinux | 8 | fixed | glib2-2.56.4-168.el8_10.i686.rpm |
| redhat rhel | 8 | fixed | |

Application impact

| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | codeready_linux_builder | 9.0 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le | |
| redhat | codeready_linux_builder_for_x86_64 | 9.0 | |
| redhat | codeready_linux_builder_for_arm64 | 10.0 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 10.0_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian | 10.0_ppc64le | |
| redhat | codeready_linux_builder_for_x86_64 | 10.0 | |
| redhat | codeready_linux_builder_for_arm64 | 8.0 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le | |
| redhat | codeready_linux_builder_for_x86_64 | 8.0 | |
| redhat | codeready_linux_builder_for_arm64_eus | 9.4 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.4_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian | 9.4_ppc64le | |
| redhat | codeready_linux_builder_for_x86_64 | 9.4 | |
| redhat | codeready_linux_builder_for_arm64_eus | 10.0 | |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 10.0_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 10.0_ppc64le | |
| redhat | codeready_linux_builder_for_x86_64_eus | 10.0 | |
| redhat | codeready_linux_builder_for_arm64 | 9.6 | |
| redhat | codeready_linux_builder_for_ibm_z_systems | 9.6_s390x | |
| redhat | codeready_linux_builder_for_power_little_endian | 9.6_ppc64le | |
| redhat | codeready_linux_builder_for_x86_64 | 9.6 | |
| redhat | ceph_storage | 8.0 | |
| redhat | discovery | 2.0 | |
| gnome | glib | {"endExcluding":"2.86.3"} | 2.86.3 |
| redhat | openshift_container_platform | 4.12 | |
| redhat | openshift_container_platform | 4.16 | |
| redhat | openshift_container_platform | 4.17 | |
| redhat | openshift_container_platform | 4.18 | |
| redhat | openshift_container_platform | 4.19 | |
| redhat | openshift_container_platform_for_arm64 | 4.12 | |
| redhat | openshift_container_platform_for_arm64 | 4.16 | |
| redhat | openshift_container_platform_for_arm64 | 4.17 | |
| redhat | openshift_container_platform_for_arm64 | 4.18 | |
| redhat | openshift_container_platform_for_arm64 | 4.19 | |
| redhat | openshift_container_platform_for_ibm_z | 4.12 | |
| redhat | openshift_container_platform_for_ibm_z | 4.16 | |
| redhat | openshift_container_platform_for_ibm_z | 4.17 | |
| redhat | openshift_container_platform_for_ibm_z | 4.18 | |
| redhat | openshift_container_platform_for_ibm_z | 4.19 | |
| redhat | openshift_container_platform_for_linuxone | 4.12 | |
| redhat | openshift_container_platform_for_linuxone | 4.16 | |
| redhat | openshift_container_platform_for_linuxone | 4.17 | |
| redhat | openshift_container_platform_for_linuxone | 4.18 | |
| redhat | openshift_container_platform_for_linuxone | 4.19 | |
| redhat | openshift_container_platform_for_power | 4.12 | |
| redhat | openshift_container_platform_for_power | 4.16 | |
| redhat | openshift_container_platform_for_power | 4.17 | |
| redhat | openshift_container_platform_for_power | 4.18 | |
| redhat | openshift_container_platform_for_power | 4.19 | |

References

CWEs

CWE-190
