CVE-2025-3360 in GLib

Summary

by MITRE • 04/07/2025

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.


Analysis

by VulDB Data Team • 06/25/2026

The vulnerability resides within the glib library's date time parsing functionality, specifically in the g_date_time_new_from_iso8601() function which handles ISO 8601 timestamp validation. This flaw manifests as an integer overflow combined with a buffer under-read condition when processing malformed timestamp data that exceeds normal parameter limits. The issue stems from inadequate input validation and boundary checking within the timestamp parsing algorithm, creating a scenario where maliciously crafted timestamps can trigger unexpected memory access patterns. When the parsing routine encounters an excessively long invalid timestamp, the integer overflow corrupts control flow variables while the subsequent buffer under-read attempts to access memory regions that fall outside the allocated buffer boundaries. This combination of vulnerabilities creates a potential exploitation vector for denial of service attacks or potentially more severe memory corruption outcomes depending on the execution environment and memory layout.

The technical implementation of this vulnerability aligns with common software security weaknesses categorized under CWE-190 for integer overflow and CWE-129 for insufficient boundary checks. The flaw operates at the intersection of input validation and memory management within the glib library's core functionality, making it particularly dangerous in applications that rely heavily on date time parsing for security-critical operations. The integer overflow condition occurs during the calculation of buffer sizes or loop counters when parsing timestamp components, while the buffer under-read happens when attempting to access memory locations that precede the actual buffer allocation. This type of vulnerability commonly falls under the ATT&CK technique T1499.004 for network denial of service attacks and may also map to T1595.001 for reconnaissance activities that identify system weaknesses. The vulnerability affects any application or system that utilizes glib's date time parsing functions and processes untrusted timestamp data from external sources.

The operational impact of this vulnerability extends beyond simple denial of service conditions to potentially compromise system stability and availability. When exploited, the integer overflow can cause parsing routines to enter undefined states, while the buffer under-read may result in information disclosure or system crashes. Applications that depend on glib for timestamp validation in authentication systems, logging mechanisms, or data processing pipelines become vulnerable to disruptions that could affect business continuity. The vulnerability is particularly concerning in server environments where multiple timestamp parsing operations occur concurrently, as it may lead to cascading failures affecting entire service availability. Additionally, the exploitation of this flaw could potentially enable attackers to infer memory layout information through information disclosure mechanisms, creating opportunities for more advanced exploitation techniques. Systems processing large volumes of timestamp data from external sources are at increased risk, as the vulnerability can be triggered through legitimate parsing operations when malformed data is encountered.

Mitigation strategies should focus on immediate patching of affected glib versions and implementation of input validation layers at application boundaries. Organizations should prioritize updating to patched versions of glib that address the integer overflow and buffer under-read conditions in the timestamp parsing routines. Additional protective measures include implementing strict timestamp format validation before passing data to glib functions, limiting the length of timestamp strings processed, and adding defensive programming practices such as bounds checking and input sanitization. Network segmentation and monitoring solutions should be deployed to detect anomalous timestamp patterns that may indicate exploitation attempts. The implementation of application firewalls or intrusion prevention systems that can identify and block malformed timestamp data represents another effective mitigation layer. Regular security assessments and code reviews should specifically target date time parsing functions and related memory management operations to identify similar vulnerabilities. System administrators should also implement comprehensive logging of timestamp parsing operations to facilitate detection of potential exploitation attempts and provide forensic evidence for incident response activities.
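As an added example (not code from VulDB or the GLib project), the kind of application-boundary pre-validation the mitigation paragraph describes: a hard length cap plus a conservative ISO 8601 shape check, so that only short, well-formed strings are ever handed to g_date_time_new_from_iso8601(). The helper name iso8601_prefilter() and the 32-character cap are assumptions of this example; it deliberately accepts a narrower grammar than the library parser does.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Assumed cap: the longest form accepted here is
   "YYYY-MM-DDTHH:MM:SS.ffffff+HH:MM" (32 chars). Longer input is
   rejected before it can reach the library parser at all. */
#define ISO8601_MAX_LEN 32

/* Consume exactly n ASCII digits at *p; advance only on success. */
static bool take_digits(const char **p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)(*p)[i])) return false;
    *p += n;
    return true;
}

/* Consume one literal character c at *p; advance only on success. */
static bool take_char(const char **p, char c) {
    if (**p != c) return false;
    (*p)++;
    return true;
}

/* Shape check: YYYY-MM-DD'T'HH:MM:SS[.1-6 digits]('Z' | (+|-)HH:MM).
   Returns true only for strings considered safe to pass on; calendar
   range checks (month 13, etc.) are left to the library parser. */
bool iso8601_prefilter(const char *s) {
    if (s == NULL) return false;
    size_t len = 0;                       /* bounded scan: never read past cap */
    while (s[len] != '\0')
        if (++len > ISO8601_MAX_LEN) return false;
    if (len == 0) return false;
    const char *p = s;
    if (!take_digits(&p, 4) || !take_char(&p, '-') || !take_digits(&p, 2) ||
        !take_char(&p, '-') || !take_digits(&p, 2) || !take_char(&p, 'T') ||
        !take_digits(&p, 2) || !take_char(&p, ':') || !take_digits(&p, 2) ||
        !take_char(&p, ':') || !take_digits(&p, 2)) return false;
    if (*p == '.') {                      /* optional fraction, 1..6 digits */
        p++;
        size_t n = 0;
        while (n < 6 && isdigit((unsigned char)*p)) { p++; n++; }
        if (n == 0) return false;
    }
    if (*p == 'Z') {
        p++;
    } else if (*p == '+' || *p == '-') {  /* numeric UTC offset */
        p++;
        if (!take_digits(&p, 2) || !take_char(&p, ':') || !take_digits(&p, 2)) return false;
    } else {
        return false;                     /* zone designator is mandatory here */
    }
    return *p == '\0';                    /* reject any trailing characters */
}
```

A caller keeps the pre-filter in front of the library call: only strings for which iso8601_prefilter() returns true are passed to g_date_time_new_from_iso8601(), and everything else is logged and dropped.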

Reservation

04/07/2025

Disclosure

04/07/2025

Moderation

accepted

CPE

ready

EPSS

0.00392

KEV

no

Activities

very low

Sources
