What the vulnerability does

01Description

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

Key dates

02Disclosure timeline

January 22, 2025 CVE published
May 12, 2026 Record updated