Security update of Abseil (MINDBREEZE34683)

ID: MINDBREEZE34683 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: Low 
Status: Final 
Last Update: February 21, 2025 
First published: June 6, 2025 
CVEs: CVE-2025-0838 

Summary 

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. 

Hotfix Information 

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 25.3 Release
• Mindbreeze InSpire Saas 25.3 Release