CVE-2025-3360: Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
Security readout for executives and security teams
Plain-English summary
This is a low-severity GLib parsing flaw. If an exposed application passes a very long invalid ISO 8601 timestamp into GLib, it may trigger limited availability impact. The sources do not indicate data theft, integrity compromise, or active exploitation.
Executive priority
Handle through normal vulnerability management, not emergency response. Prioritize internet-facing services that parse user-supplied timestamps, but current evidence supports low business urgency because impact is limited to availability and no active exploitation is cited.
Technical view
CVE-2025-3360 is an integer overflow and buffer under-read in GLib g_date_time_new_from_iso8601() when handling a long invalid ISO 8601 timestamp. CVSS 3.1 is 3.7, with network attack vector, high complexity, no privileges, no user interaction, and low availability impact only.
Likely exposure
Exposure is most relevant to applications or services that accept untrusted timestamp strings and parse them with GLib. Red Hat lists glib2 and related packages as affected on RHEL 8, 9, and 10; RHEL 6 and 7 status is unknown in the supplied data.
Exploitation context
The source bundle marks KEV as false and provides no cited evidence of active exploitation. Exploitation appears constrained by high attack complexity and requires attacker-controlled malformed timestamp input reaching the vulnerable parser.
Researcher notes
Focus analysis on reachability: whether attacker-controlled long invalid ISO 8601 strings can reach g_date_time_new_from_iso8601(). The supplied sources do not provide exploit details, confirmed active exploitation, or complete downstream fixed-version mapping.
Mitigation direction
Apply vendor-supported GLib or glib2 security updates when available.
Check Red Hat and Debian advisories for package-specific fixed versions.
Do not rely only on upstream version numbers; vendors may backport fixes.
Reject oversized or malformed timestamp input at application boundaries.
Track RHEL 6 and 7 status because supplied data lists it as unknown.
Validation and detection
Inventory systems and containers using GLib or glib2 packages.
Identify services that parse externally supplied ISO 8601 timestamps.
Compare installed package status against Red Hat and Debian advisories.
Confirm affected RHEL 8, 9, and 10 packages are updated.
Review logs for crashes linked to malformed timestamp parsing.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-190: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-190 · source CWE mapping
Integer Overflow or Wraparound
Integer Overflow or Wraparound represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.