
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.

• https://gitlab.gnome.org/GNOME/glib/-/issues/2840
• https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
• https://security.netapp.com/advisory/ntap-20240426-0005

• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

• https://access.redhat.com/security/cve/CVE-2023-32611
• https://bugzilla.redhat.com/show_bug.cgi?id=2211829
• https://gitlab.gnome.org/GNOME/glib/-/issues/2797
• https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html
• https://security.gentoo.org/glsa/202311-18
• https://security.netapp.com/advisory/ntap-20231027-0005

• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

• https://access.redhat.com/security/cve/CVE-2023-29499
• https://bugzilla.redhat.com/show_bug.cgi?id=2211828
• https://gitlab.gnome.org/GNOME/glib/-/issues/2794
• https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html
• https://security.gentoo.org/glsa/202311-18
• https://security.netapp.com/advisory/ntap-20231103-0001

• CWE-400: Uncontrolled Resource Consumption

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

• https://access.redhat.com/security/cve/CVE-2023-32665
• https://bugzilla.redhat.com/show_bug.cgi?id=2211827
• https://gitlab.gnome.org/GNOME/glib/-/issues/2121
• https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html
• https://security.gentoo.org/glsa/202311-18
• https://security.netapp.com/advisory/ntap-20240426-0006

• CWE-400: Uncontrolled Resource Consumption
• CWE-502: Deserialization of Untrusted Data

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in GLib, where the GVariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of GLib but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-29499.

• https://gitlab.gnome.org/GNOME/glib/-/issues/2841
• https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
• https://security.netapp.com/advisory/ntap-20231110-0002
• https://access.redhat.com/security/cve/CVE-2023-32636
• https://bugzilla.redhat.com/show_bug.cgi?id=2211833

• CWE-400: Uncontrolled Resource Consumption
• CWE-502: Deserialization of Untrusted Data