Enterprise Linux CVE-2026-58012

EUVD: EUVD-2026-40314 · HIGH
Buffer Over-read (CWE-126)
2026-06-30 · secalert@redhat.com · GHSA-vwg8-37h9-g38g
8.2 · CVSS 3.1 · NVD
Severity by source

NVD (primary): 8.2 HIGH · AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

vuln.today AI: 4.8 MEDIUM

AV:N since input can be remote, but AC:H because the vulnerable G_REGEX_RAW-plus-case-escape path is non-default and the page-crossing crash is probabilistic; C:L for the 1-5 byte leak, A:L as DoS is conditional not guaranteed.

CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVSS 4.0: AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High

Lifecycle Timeline (7 events)

Analysis Updated · Jul 02, 2026 - 19:46 · vuln.today · v3 (cvss_changed)
Analysis Updated · Jul 02, 2026 - 19:46 · vuln.today · v2 (cvss_changed)
Re-analysis Queued · Jul 02, 2026 - 19:37 · vuln.today · cvss_changed
Severity Changed · Jul 02, 2026 - 19:37 · NVD · MEDIUM → HIGH
CVSS changed · Jul 02, 2026 - 19:37 · NVD · 6.5 (MEDIUM) → 8.2 (HIGH)
Patch available · Jun 30, 2026 - 16:01 · EUVD
Analysis Generated · Jun 30, 2026 - 13:36 · vuln.today

Description (NVD)

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the G_REGEX_RAW compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
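
The over-read described above, modelled as an added example (not GLib source and not the upstream fix): a decoder that takes the sequence length from the lead byte, applied to raw bytes that need not be valid UTF-8. The function names, the lead-byte table with legacy 5- and 6-byte forms, and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sequence length implied by the lead byte alone, as a decoder that assumes
 * valid UTF-8 would compute it. Illustrative model, not GLib source; the
 * legacy 5- and 6-byte forms are an assumption of this example. */
static size_t utf8_len_from_lead(uint8_t b)
{
    if (b < 0xC0) return 1;   /* ASCII or stray continuation byte */
    if (b < 0xE0) return 2;
    if (b < 0xF0) return 3;
    if (b < 0xF8) return 4;
    if (b < 0xFC) return 5;
    if (b < 0xFE) return 6;
    return 1;                 /* 0xFE and 0xFF never start a sequence */
}

/* Walk buf[0..len) the trusting way and report how many bytes beyond len
 * the final sequence would cover. Only bytes inside the buffer are read. */
size_t overread_if_trusted(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        size_t n = utf8_len_from_lead(buf[i]);
        if (n > len - i)
            return n - (len - i);
        i += n;
    }
    return 0;
}

/* Bounded step: never advance past the end of the matched bytes. */
size_t bounded_step(const uint8_t *buf, size_t len, size_t i)
{
    size_t n = utf8_len_from_lead(buf[i]);
    return n <= len - i ? n : len - i;
}

int main(void)
{
    /* Constructed raw-byte match whose last byte looks like a lead byte. */
    const uint8_t raw[] = { 'a', 'b', 0xFC };
    printf("trusting walk: %zu byte(s) past the end\n", overread_if_trusted(raw, sizeof raw));
    printf("bounded step at last byte: %zu\n", bounded_step(raw, sizeof raw, 2));
    return 0;
}
```

In this model a trailing 0xFC gives the maximum of 5 bytes past the end, which lines up with the 1-5 byte range in the description.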

Analysis (AI)

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. …

Recommended Action (AI)

Within 24 hours: Identify all systems running GNOME GLib across RHEL 6-10 infrastructure and document current versions in use. …
