GLib g_regex_replace over-read via G_REGEX_RAW causing info leak & DoS
CVE-2026-58012 Published on June 30, 2026

Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

NVD

Vulnerability Analysis

CVE-2026-58012 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
LOW

Timeline

Reported to Red Hat.

Made public.

Weakness Type

Buffer Over-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.


Products Associated with CVE-2026-58012

stack.watch emails you whenever new vulnerabilities are published in Red Hat Enterprise Linux (RHEL) or Red Hat Hummingbird. Just hit a watch button to start following.

 
 

Affected Versions

GNOME GLib: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9: Red Hat Hardened Images: