CVE-2025-8058
Publication date 23 July 2025
Last updated 4 February 2026
Ubuntu priority
Description
The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| eglibc | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 14.04 LTS trusty |
Needs evaluation
|
|
| glibc | 25.10 questing |
Not affected
|
| 24.04 LTS noble |
Fixed 2.39-0ubuntu8.6
|
|
| 22.04 LTS jammy |
Fixed 2.35-0ubuntu3.11
|
|
| 20.04 LTS focal |
Fixed 2.31-0ubuntu9.18+esm1
|
|
| 18.04 LTS bionic |
Fixed 2.27-3ubuntu1.6+esm6
|
|
| 16.04 LTS xenial |
Fixed 2.23-0ubuntu11.3+esm9
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialPatch details
| Package | Patch details |
|---|---|
| glibc |
References
Related Ubuntu Security Notices (USN)
- USN-7760-1
- GNU C Library vulnerability
- 22 September 2025
- USN-8005-1
- GNU C Library vulnerabilities
- 3 February 2026