A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7942-1 advisory.

    It was discovered that GLib incorrectly handled escaping URI strings. An attacker could use this issue to     cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2025-13601)

    It was discovered that GLib incorrectly parsed certain GVariants. An attacker could use this issue to     cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2025-14087)

    It was discovered that GLib incorrectly parsed certain long invalid ISO 8601 timestamps. An attacker could     possibly use this issue to cause GLib to crash, resulting in a denial of service. This issue only affected     Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-3360)

    It was discovered that GLib incorrectly handled GString memory operations. An attacker could use this     issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. This     issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2025-6052)

    It was discovered that GLib incorrectly handled creating temporary files. An attacker could possibly use     this issue to access unauthorized data. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and     Ubuntu 25.04. (CVE-2025-7039)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0745 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2025-6052:
    A flaw was found in how GLibs GString manages memory when adding data to strings. If a string is     already very large, combining it with more input can cause a hidden overflow in the size calculation. This     makes the system think it has enough memory when it doesnt. As a result, data may be written past the     end of the allocated memory, leading to crashes or memory corruption.

    CVE-2025-4373:
    A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar()     function. When the position at which to insert the character is large, the position will overflow, leading     to a buffer underwrite.

    CVE-2025-3360:
    A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO     8601 timestamp with the g_date_time_new_from_iso8601() function.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already     very large, combining it with more input can cause a hidden overflow in the size calculation. This makes     the system think it has enough memory when it doesn't. As a result, data may be written past the end of     the allocated memory, leading to crashes or memory corruption. (CVE-2025-6052)

Note that Nessus relies on the presence of the package as reported by the vendor.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1069 advisory.

    A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO     8601 timestamp with the g_date_time_new_from_iso8601() function. (CVE-2025-3360)

    A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already     very large, combining it with more input can cause a hidden overflow in the size calculation. This makes     the system think it has enough memory when it doesn't. As a result, data may be written past the end of     the allocated memory, leading to crashes or memory corruption. (CVE-2025-6052)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02167-1 advisory.

    - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in     GString (bsc#1244596).
    - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar     (bsc#1242844).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-60e9097b77 advisory.

    FIx CVE-2025-6052.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2c1425a4e4 advisory.

    FIx CVE-2025-6052.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
281923	Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : GLib vulnerabilities (USN-7942-1)	Nessus	Ubuntu Local Security Checks	low
275987	TencentOS Server 4: librsvg2 (TSSA-2025:0745)	Nessus	Tencent Local Security Checks	high
258244	Linux Distros Unpatched Vulnerability : CVE-2025-6052	Nessus	Misc.	high
241779	Amazon Linux 2023 : glib2, glib2-devel, glib2-static (ALAS2023-2025-1069)	Nessus	Amazon Linux Local Security Checks	low
241039	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2025:02167-1)	Nessus	SuSE Local Security Checks	medium
240347	Fedora 42 : mingw-glib2 (2025-60e9097b77)	Nessus	Fedora Local Security Checks	low
240345	Fedora 41 : mingw-glib2 (2025-2c1425a4e4)	Nessus	Fedora Local Security Checks	low

Detections

Analytics

CVE-2025-6052

high

Tenable Plugins

low

high

high

low

medium

low

low