Unrated severity · NVD Advisory · Published Feb 21, 2025 · Updated Apr 5, 2025
Heap Buffer overflow in Abseil
CVE-2025-0838
Description
There exists a heap buffer overflow vulnerability in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1.
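The size computation described above, as an added example that is not Abseil's code: a simplified model of a backing store (a fixed header plus `n` slots) showing how an unbounded size argument wraps the allocation size, next to a variant that enforces an upper bound first. The layout and the names `kHeader`, `AllocSizeUnchecked`, `MaxValidCapacity` and `AllocSizeChecked` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Hypothetical fixed metadata size at the front of the backing store.
constexpr std::size_t kHeader = 16;

// Unchecked size computation: for a large enough `n` the multiplication
// wraps around and the function returns a size far smaller than n slots.
std::size_t AllocSizeUnchecked(std::size_t n, std::size_t slot_size) {
  return kHeader + n * slot_size;
}

// Largest element count whose backing store size still fits in size_t.
constexpr std::size_t MaxValidCapacity(std::size_t slot_size) {
  return slot_size == 0
             ? 0
             : (std::numeric_limits<std::size_t>::max() - kHeader) / slot_size;
}

// Checked variant: rejects the request before any arithmetic can wrap.
// Returns false (and leaves *out untouched) when n exceeds the bound.
bool AllocSizeChecked(std::size_t n, std::size_t slot_size, std::size_t* out) {
  if (n > MaxValidCapacity(slot_size)) return false;
  *out = kHeader + n * slot_size;
  return true;
}

int main() {
  const std::size_t slot = 16;  // constructed sample: 16-byte slots
  const std::size_t huge = std::numeric_limits<std::size_t>::max() / slot + 1;
  std::size_t bytes = 0;
  std::printf("unchecked: %zu slots -> %zu bytes\n", huge,
              AllocSizeUnchecked(huge, slot));
  std::printf("checked:   %s\n",
              AllocSizeChecked(huge, slot, &bytes) ? "accepted" : "rejected");
  return 0;
}
```

In the unchecked path the allocator would be asked for only the header's worth of bytes while the container believes it holds `huge` slots, which is the mismatch that leads to the out-of-bounds write.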
Affected products: 11
- Range: before commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
- osv-coords (9 versions)
  - pkg:rpm/opensuse/abseil-cpp&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/abseil-cpp&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
  - pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
  - pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
  - pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
  - pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  - pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Micro%206.0
  - pkg:rpm/suse/abseil-cpp&distro=SUSE%20Linux%20Micro%206.1
- (no CPE) range: < 20240116.3-150600.19.6.1
- (no CPE) range: < 20250814.0-2.1
- (no CPE) range: < 20230802.3-150400.10.7.1
- (no CPE) range: < 20240116.3-150500.13.10.1
- (no CPE) range: < 20240116.3-150500.13.10.1
- (no CPE) range: < 20240116.3-150600.19.6.1
- (no CPE) range: < 20240116.3-8.6.1
- (no CPE) range: < 20230802.3-1.1
- (no CPE) range: < 20230802.3-slfo.1.1_1.1
- abseil/abseil-cpp v5 Range: 0