CVE-2025-0838 Affecting abseil package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UBUNTU2410-ABSEIL-8745279
- published2 Mar 2025
- disclosed21 Feb 2025
Introduced: 21 Feb 2025
NewCVE-2025-0838 (opens in a new tab)How to fix?
There is no fixed version for Ubuntu:24.10 abseil.
NVD Description
Note: Versions mentioned in the description apply only to the upstream abseil package and not the abseil package as distributed by Ubuntu.
See How to fix? for Ubuntu:24.10 relevant fixed versions and status.
There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1