A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1069 advisory.

    A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO     8601 timestamp with the g_date_time_new_from_iso8601() function. (CVE-2025-3360)

    A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already     very large, combining it with more input can cause a hidden overflow in the size calculation. This makes     the system think it has enough memory when it doesn't. As a result, data may be written past the end of     the allocated memory, leading to crashes or memory corruption. (CVE-2025-6052)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02167-1 advisory.

    - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in     GString (bsc#1244596).
    - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar     (bsc#1242844).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-60e9097b77 advisory.

    FIx CVE-2025-6052.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2c1425a4e4 advisory.

    FIx CVE-2025-6052.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
241779	Amazon Linux 2023 : glib2, glib2-devel, glib2-static (ALAS2023-2025-1069)	Nessus	Amazon Linux Local Security Checks	low
241039	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2025:02167-1)	Nessus	SuSE Local Security Checks	medium
240347	Fedora 42 : mingw-glib2 (2025-60e9097b77)	Nessus	Fedora Local Security Checks	low
240345	Fedora 41 : mingw-glib2 (2025-2c1425a4e4)	Nessus	Fedora Local Security Checks	low

Detections

Analytics

CVE-2025-6052

low

Tenable Plugins

low

medium

low

low