CVE-2025-15281

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

20/01/2026

Last modified:

20/01/2026

Description

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Impact

References to Advisories, Solutions, and Tools

https://sourceware.org/bugzilla/show_bug.cgi?id=33814