CVE-2025-8058 (MEDIUM): detected in Lambda Docker Images. #323
Description
CVE Details
| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
|---|---|---|---|---|---|---|
| CVE-2025-8058 | MEDIUM |
glibc |
2.34-196.amzn2023.0.1 |
2.34-231.amzn2023.0.1 |
2025-07-23T20:15:27.747Z |
2025-09-16T10:18:10.80624825Z |
Affected Docker Images
| Image Name | SHA |
|---|---|
public.ecr.aws/lambda/provided:latest |
public.ecr.aws/lambda/provided@sha256:ff41861b5fc38240f3b3fae322e729e0f02774efc622b26fb3373a1c121eda3a |
public.ecr.aws/lambda/provided:al2023 |
public.ecr.aws/lambda/provided@sha256:ff41861b5fc38240f3b3fae322e729e0f02774efc622b26fb3373a1c121eda3a |
public.ecr.aws/lambda/python:latest |
public.ecr.aws/lambda/python@sha256:95d5a7a774dc3a6955a86ab0e66c60e4d1ff133620446fbf2881f25911ab8671 |
public.ecr.aws/lambda/python:3.13 |
public.ecr.aws/lambda/python@sha256:95d5a7a774dc3a6955a86ab0e66c60e4d1ff133620446fbf2881f25911ab8671 |
public.ecr.aws/lambda/python:3.12 |
public.ecr.aws/lambda/python@sha256:66c83f7effdf38f6309db645384039d9d04308f7e78d6a73421defc0edf7519d |
public.ecr.aws/lambda/nodejs:latest |
public.ecr.aws/lambda/nodejs@sha256:01f777f8785d2aa79d6edb8b6e615111b6449a3347c2a5147b7242ee5fc3d75f |
public.ecr.aws/lambda/nodejs:22 |
public.ecr.aws/lambda/nodejs@sha256:01f777f8785d2aa79d6edb8b6e615111b6449a3347c2a5147b7242ee5fc3d75f |
public.ecr.aws/lambda/nodejs:20 |
public.ecr.aws/lambda/nodejs@sha256:85f92b5605735e064e130da7fd57d67d05762b3432955ff45e81a7657bc76015 |
public.ecr.aws/lambda/java:latest |
public.ecr.aws/lambda/java@sha256:27bc71f0cfd9ec3c88b11bf2e14f5a8bda5aafc5886cb6acded763046eddcc39 |
public.ecr.aws/lambda/java:21 |
public.ecr.aws/lambda/java@sha256:27bc71f0cfd9ec3c88b11bf2e14f5a8bda5aafc5886cb6acded763046eddcc39 |
public.ecr.aws/lambda/dotnet:latest |
public.ecr.aws/lambda/dotnet@sha256:02167ec97fad8b7947b230f560f0a6ae0baf3bf2393125703b15d8d783d65a86 |
public.ecr.aws/lambda/dotnet:9 |
public.ecr.aws/lambda/dotnet@sha256:02167ec97fad8b7947b230f560f0a6ae0baf3bf2393125703b15d8d783d65a86 |
public.ecr.aws/lambda/dotnet:8 |
public.ecr.aws/lambda/dotnet@sha256:29a89dffdf450c8ce6fa7f51876b8fb65b3bfc14f5ffdda4d29f872c2565c125 |
public.ecr.aws/lambda/ruby:latest |
public.ecr.aws/lambda/ruby@sha256:894e792c05130bf6b4a0a8a0e2fdaceb2f4e7f85bb8d07a646f3dccb01081aa9 |
public.ecr.aws/lambda/ruby:3.4 |
public.ecr.aws/lambda/ruby@sha256:894e792c05130bf6b4a0a8a0e2fdaceb2f4e7f85bb8d07a646f3dccb01081aa9 |
public.ecr.aws/lambda/ruby:3.3 |
public.ecr.aws/lambda/ruby@sha256:2d1f3857c37110b9c75fe707e4024503c9a8d3a6efa4318592c70b8f0922d1db |
Description
The regcomp function in the GNU C library version from 2.4 to 2.41 is
subject to a double free if some previous allocation fails. It can be
accomplished either by a malloc failure or by using an interposed malloc
that injects random malloc failures. The double free can allow buffer
manipulation depending of how the regex is constructed. This issue
affects all architectures and ABIs supported by the GNU C library.
Remediation Steps
- Update the affected package
glibcfrom version2.34-196.amzn2023.0.1to2.34-231.amzn2023.0.1.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.