CVE-2025-15281

Publication date 20 January 2026

Last updated 27 January 2026

Ubuntu priority

Cvss 3 Severity Score

Description

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glibc	25.10 questing	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
eglibc	25.10 questing	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	14.04 LTS trusty	Needs evaluation

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glibc	Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=80cc58ea2de214f85b0a1d902a3b668ad2ecb302 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bed2db02f3183e93f21d506786c5f884a1dec9e7 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fb4db64a04ad6c96cd1fbb7e02eb59323b1f2ac2 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ce65d944e38a20cb70af2a48a4b8aa5d8fabe1cc Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bb59339d02faebac534a87eea50c83c948f35b77 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=28eb5caf895ced5d895cb02757e109004a2d33e5

Package

Patch details

glibc

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-15281

Cvss 3 Severity Score

Description

Status

Patch details

Severity score breakdown

References

Other references