Home

CVE-2025-0838

Description

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the containers backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.269

Associated Vulnerability

VulnerabilityOS Platform
extensions to the C++ standard library (USN-7505-1) libabsl20210324_0~20210324.2-2ubuntu0.2_amd64.debLinux
extensions to the C++ standard library (USN-7505-1) libabsl20210324_0~20210324.2-2ubuntu0.2_i386.debLinux
extensions to the C++ standard library (USN-7505-1) libabsl20220623t64_20220623.1-3.1ubuntu3.2_amd64.debLinux
extensions to the C++ standard library (USN-7505-1) libabsl20220623t64_20220623.1-3.1ubuntu3.2_i386.debLinux
extensions to the C++ standard library (USN-7505-1) libabsl20230802_20230802.1-4.2ubuntu0.2_amd64.debLinux
extensions to the C++ standard library (USN-7505-1) libabsl20230802_20230802.1-4.2ubuntu0.2_i386.debLinux
extensions to the C++ standard library (USN-7505-1) libabsl20230802_20230802.1-4ubuntu1.2_amd64.debLinux
extensions to the C++ standard library (USN-7505-1) libabsl20230802_20230802.1-4ubuntu1.2_i386.debLinux
abseil-cpp Security Update (ALAS-2025-1042) abseil-cpp-devel-20220623.1-4.amzn2023.0.2.x86_64.rpmLinux
abseil-cpp Security Update (ALAS-2025-1042) abseil-cpp-20220623.1-4.amzn2023.0.2.x86_64.rpmLinux
abseil-cpp Security Update (ALAS2023-2025-1042) abseil-cpp-20220623.1-4.amzn2023.0.2.x86_64.rpmLinux
abseil-cpp Security Update (ALAS2023-2025-1042) abseil-cpp-devel-20220623.1-4.amzn2023.0.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234