
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
• https://gitlab.gnome.org/GNOME/glib/-/issues/2840 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://security.netapp.com/advisory/ntap-20240426-0005
• CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
• https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html https://security.gentoo.org/glsa/202311-18 https://security.netapp.com/advisory/ntap-20231027-0005
• CWE-400: Uncontrolled Resource Consumption; CWE-502: Deserialization of Untrusted Data

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
• https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html https://security.gentoo.org/glsa/202311-18 https://security.netapp.com/advisory/ntap-20231103-0001
• CWE-400: Uncontrolled Resource Consumption; CWE-502: Deserialization of Untrusted Data

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
• https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html https://security.gentoo.org/glsa/202311-18 https://security.netapp.com/advisory/ntap-20240426-0006
• CWE-400: Uncontrolled Resource Consumption; CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

A CSV injection vulnerability in GNOME time tracker version 3.0.2 allows local attackers to execute arbitrary code via a crafted .tsv file when creating a new record.
• https://github.com/BrunoTeixeira1996/CVE-2023-36250 https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')