| Package | glibc |
|---|---|
| Version | 2.28-10+deb10u5 (buster) |
| Related CVEs | CVE-2025-0395 CVE-2025-4802 |
Multiple vulnerabilities were discovered in the GNU C Library, the C standard library implementation used by Debian.
CVE-2025-0395
When the assert() function fails, glibc does not allocate enough space for the assertion failure message string and its size information, which may lead to a buffer overflow if the size of the message string aligns to the page size.
CVE-2025-4802
Privilege escalation may be possible in statically compiled setuid binaries that call dlopen(), because an untrusted LD_LIBRARY_PATH environment variable was honoured on that code path. This includes calls to dlopen() internal to glibc itself, made after user calls to setlocale() or to NSS functions such as getaddrinfo(). Dynamically linked setuid programs are not affected, since ld.so already ignores LD_LIBRARY_PATH when running in secure-execution mode; the missing check was specific to dlopen() from static executables.
For Debian 10 buster, these problems have been fixed in version 2.28-10+deb10u5.
We recommend that you upgrade your glibc packages.
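To tell whether an installed system still carries the vulnerable glibc, the package version must be compared with the fixed version using dpkg's own version ordering (a plain string comparison gets cases like `deb10u10` versus `deb10u5` wrong). The following is an added example, not part of the Debian advisory: it reimplements dpkg's version-comparison algorithm in Python and checks the installed `libc6` version (the binary package built from the `glibc` source package) against the fixed version stated above. The version strings in the test are constructed.

```python
"""Compare an installed Debian package version against the advisory's fixed
version using the dpkg version-ordering algorithm.  Added example; not part of
the Debian advisory.  FIXED_VERSION is the buster fix version from the advisory."""
import shutil
import subprocess

FIXED_VERSION = "2.28-10+deb10u5"   # fixed version for Debian 10 buster


def _isdigit(c: str) -> bool:
    return "0" <= c <= "9"


def _order(c: str) -> int:
    """Sort weight of one character as in dpkg: digits 0, letters by ASCII value,
    '~' before everything (even end of string), other punctuation after letters."""
    if _isdigit(c):
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0


def _verrevcmp(a: str, b: str) -> int:
    """dpkg comparison of one version component: alternate between non-digit runs
    (compared char by char via _order) and digit runs (compared numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0   # end of string weighs 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":          # leading zeros are ignored
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and _isdigit(a[i]) and j < len(b) and _isdigit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _isdigit(a[i]):          # longer digit run is larger
            return 1
        if j < len(b) and _isdigit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version: str):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return <0, 0 or >0 if a is older than, equal to, or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed version predates the fixed version."""
    return compare_versions(installed, fixed) < 0


def installed_libc6_version():
    """Installed libc6 version from dpkg-query, or None if unavailable."""
    if shutil.which("dpkg-query") is None:
        return None
    result = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "libc6"],
                            capture_output=True, text=True)
    return result.stdout.strip() if result.returncode == 0 else None


if __name__ == "__main__":
    v = installed_libc6_version()
    if v is None:
        print("dpkg-query not available or libc6 not installed")
    else:
        state = "VULNERABLE" if is_vulnerable(v) else "fixed"
        print(f"libc6 {v}: {state} (fixed in {FIXED_VERSION})")
```

The comparison is suite-specific: the default `fixed` value only answers the question for buster, so on another Debian release pass that release's fixed version instead. A newer upstream version (for example a bullseye 2.31 package) compares as "newer" here without saying anything about whether that suite's own fix is installed.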
Further information about Extended LTS security advisories can be found in the dedicated section of our website.