{"id":"CVE-2025-0838","details":"There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1","modified":"2026-04-09T10:32:13.049791Z","published":"2025-02-21T15:15:11.890Z","related":["SUSE-SU-2026:0190-1","SUSE-SU-2026:0338-1","SUSE-SU-2026:0381-1","SUSE-SU-2026:0412-1","SUSE-SU-2026:0576-1","SUSE-SU-2026:20268-1","SUSE-SU-2026:20361-1","openSUSE-SU-2025:15473-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00012.html"},{"type":"FIX","url":"https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/abseil/abseil-cpp","events":[{"introduced":"0"},{"fixed":"9ac7062b1860d895fb5a8cbf58c3e9ef8f674b5f"},{"fixed":"5a0e2cb5e3958dd90bb8569a2766622cb74d90c1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"20250127.0"}]}}],"versions":["20250127.rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0838.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}