CVE Details
CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
---|---|---|---|---|---|---|
CVE-2025-6052 | HIGH | glib2 | 2.82.2-765.amzn2023 | 2.82.2-766.amzn2023 | 2025-06-13T16:15:28.23Z | 2025-07-11T10:18:18.654991717Z |
Affected Docker Images
Image Name | SHA |
---|---|
public.ecr.aws/lambda/provided:latest | public.ecr.aws/lambda/provided@sha256:d3aa484fa750133580e8b8563d0290a3053289d4932bb80b2f850ecea87bdffe |
public.ecr.aws/lambda/provided:al2023 | public.ecr.aws/lambda/provided@sha256:d3aa484fa750133580e8b8563d0290a3053289d4932bb80b2f850ecea87bdffe |
public.ecr.aws/lambda/python:latest | public.ecr.aws/lambda/python@sha256:466809a45ae3765e753081092eaecc16cbf97e7171a20569a1180556855e7447 |
public.ecr.aws/lambda/python:3.13 | public.ecr.aws/lambda/python@sha256:466809a45ae3765e753081092eaecc16cbf97e7171a20569a1180556855e7447 |
public.ecr.aws/lambda/python:3.12 | public.ecr.aws/lambda/python@sha256:f8a12468c1757e0eb389f75541f950b2913aaed84bf06976e2998cd04ec7bcc3 |
public.ecr.aws/lambda/nodejs:latest | public.ecr.aws/lambda/nodejs@sha256:026c0f8727b45754e13ca9eeb1aab355a6dc18aa14ac6372316c73bf78af5208 |
public.ecr.aws/lambda/nodejs:22 | public.ecr.aws/lambda/nodejs@sha256:026c0f8727b45754e13ca9eeb1aab355a6dc18aa14ac6372316c73bf78af5208 |
public.ecr.aws/lambda/nodejs:20 | public.ecr.aws/lambda/nodejs@sha256:caabfbd6df1877f58b7042b5ef691ac731a607c7b4acb88bebf713b83f28c151 |
public.ecr.aws/lambda/java:latest | public.ecr.aws/lambda/java@sha256:2a1bc55925598c76629022a2827f128ff3bdfdbe2ff1796e7ee9c812455bb808 |
public.ecr.aws/lambda/java:21 | public.ecr.aws/lambda/java@sha256:2a1bc55925598c76629022a2827f128ff3bdfdbe2ff1796e7ee9c812455bb808 |
public.ecr.aws/lambda/dotnet:latest | public.ecr.aws/lambda/dotnet@sha256:a5f3cb91410ad519afe3e6288ae907b858f9c72f14f8ef132c6f9601bb12e4e2 |
public.ecr.aws/lambda/dotnet:9 | public.ecr.aws/lambda/dotnet@sha256:a5f3cb91410ad519afe3e6288ae907b858f9c72f14f8ef132c6f9601bb12e4e2 |
public.ecr.aws/lambda/dotnet:8 | public.ecr.aws/lambda/dotnet@sha256:b4c341b9f9ec10d193593a524fd7b13ba30df390cf3075d1e59a52ba33f92d3a |
public.ecr.aws/lambda/ruby:latest | public.ecr.aws/lambda/ruby@sha256:169c84994e9b122b1feae339e3b999d193da1d5169af266b9e4ac11690b83360 |
public.ecr.aws/lambda/ruby:3.4 | public.ecr.aws/lambda/ruby@sha256:169c84994e9b122b1feae339e3b999d193da1d5169af266b9e4ac11690b83360 |
public.ecr.aws/lambda/ruby:3.3 | public.ecr.aws/lambda/ruby@sha256:745e355afbae8738803a70dde2b2bcb2d13f420f9aca194c3feee05f19b01a5d |
Description
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
Remediation Steps
- Update the affected package `glib2` from version `2.82.2-765.amzn2023` to `2.82.2-766.amzn2023`.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.