Integer Overflow or Wraparound Affecting glibc package, versions [,2.82.5)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.09% (27th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-GLIBC-10247363
  • published26 May 2025
  • disclosed7 Apr 2025
  • creditUnknown

Introduced: 7 Apr 2025

CVE-2025-3360  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

Upgrade glibc to version 2.82.5 or higher.

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601 function. An attacker can cause the application to crash or behave unexpectedly by supplying a specially crafted timestamp.

CVSS Base Scores

version 4.0
version 3.1