Unrated severityNVD Advisory· Published Jan 20, 2026· Updated Jan 22, 2026

wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

CVE-2025-15281

Description

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Affected products

GNU/GNU C Libraryllm-fuzzy
Range: >=2.0, <=2.42
The GNU C Library/glibcv5
Range: 2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceware.org/bugzilla/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000