CVE-2025-5745
June 5, 2025, 9:15 p.m.
5.6
Medium
Description
The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Gnu |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-665
Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | gnu | gnu_c_library | 2.40 | / | / | / | / | / | / | / |
| a | gnu | gnu_c_library | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Timeline
Published: June 5, 2025, 8:15 p.m.
Last Modified: June 5, 2025, 9:15 p.m.
Last Modified: June 5, 2025, 9:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
3ff69d7a-14f2-4f67-a097-88dee7810d18
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.