Abseil-cpp Heap Buffer Overflow Vulnerability in Hash Containers
Vulnerability
A heap buffer overflow vulnerability has been identified in Abseil-cpp, specifically within the sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map}. These methods did not enforce a maximum limit on the size parameter, allowing callers to pass excessively large sizes. This oversight could lead to an integer overflow when calculating the size of the container's backing store, followed by an out-of-bounds memory write. Additionally, subsequent accesses to the container could reach out-of-bounds memory, potentially causing further issues.
Impact
Exploitation of this vulnerability can lead to a heap buffer overflow, allowing for out-of-bounds memory writes and accesses.
Reproduction
The vulnerability can be reproduced by calling the sized constructors, reserve(), or rehash() methods of absl::{flat,node}_hash_{set,map} with an unchecked size parameter. Passing a size that exceeds what the container's backing store can represent can trigger the integer overflow and the subsequent heap buffer overflow.
Remediation
Users are advised to upgrade to version 0~20200923.3-2+deb11u1 or later.
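Until an application can upgrade, the defensive measure is to never forward an untrusted element count to a sized constructor, reserve(), or rehash() without first checking that the backing-store size computation cannot overflow and that the count is within an application policy limit. The following is an added example, not Abseil's own code or its fix: it shows a portable overflow check on the slot-count times slot-size multiplication and a checked_reserve() wrapper that applies both the overflow check and a policy cap before calling reserve(). The slot size, the metadata overhead constant, and the cap kMaxUntrustedReserve are assumptions chosen for illustration; std::unordered_set stands in for an Abseil container so the example runs without Abseil installed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>
#include <unordered_set>

// Assumed policy limit: the most elements we will pre-allocate on behalf of
// untrusted input (e.g. a length field read from the network).
constexpr std::size_t kMaxUntrustedReserve = std::size_t{1} << 20;

// Assumed metadata overhead added to the slot array (control bytes, padding).
// The real Abseil layout differs; this is only a stand-in for "extra bytes".
constexpr std::size_t kAssumedOverheadBytes = 64;

// Returns true if n slots of slot_bytes each, plus overhead_bytes, would not
// fit in size_t. On success, writes the total byte count to *out_bytes.
// Written without compiler builtins so it compiles anywhere.
bool backing_store_size_overflows(std::size_t n, std::size_t slot_bytes,
                                  std::size_t overhead_bytes,
                                  std::size_t* out_bytes) {
    constexpr std::size_t kMax = std::numeric_limits<std::size_t>::max();
    // Multiplication check: n * slot_bytes overflows iff n > kMax / slot_bytes.
    if (slot_bytes != 0 && n > kMax / slot_bytes) return true;
    std::size_t bytes = n * slot_bytes;
    // Addition check: bytes + overhead_bytes overflows iff overhead > kMax - bytes.
    if (overhead_bytes > kMax - bytes) return true;
    bytes += overhead_bytes;
    if (out_bytes != nullptr) *out_bytes = bytes;
    return false;
}

// Checked reserve: refuses the request if it exceeds the policy cap or if the
// backing-store size calculation would overflow; only then calls reserve().
// Works for any container exposing reserve(size_t) (std::unordered_set here,
// an Abseil hash container in a real application).
template <typename Container>
bool checked_reserve(Container& c, std::size_t requested, std::size_t slot_bytes,
                     std::size_t max_elems = kMaxUntrustedReserve) {
    if (requested > max_elems) return false;
    std::size_t bytes = 0;
    if (backing_store_size_overflows(requested, slot_bytes,
                                     kAssumedOverheadBytes, &bytes)) {
        return false;
    }
    c.reserve(requested);
    return true;
}

int main() {
    std::unordered_set<int> s;
    // Constructed inputs: a sane count and a hostile one near SIZE_MAX.
    const std::size_t sane = 1000;
    const std::size_t hostile = std::numeric_limits<std::size_t>::max() - 7;
    std::cout << "reserve(" << sane << "): "
              << (checked_reserve(s, sane, sizeof(int)) ? "accepted" : "rejected")
              << '\n';
    std::cout << "reserve(" << hostile << "): "
              << (checked_reserve(s, hostile, sizeof(int)) ? "accepted" : "rejected")
              << '\n';
    return 0;
}
```

The policy cap does most of the work in practice: a cap far below SIZE_MAX / slot_bytes makes the arithmetic overflow unreachable regardless of the container's internal layout, so the overflow check is a second line of defense rather than the only one.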
