CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32643
https://notcve.org/view.php?id=CVE-2023-32643
14 Sep 2023 — A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. Se encontró una falla en GLib. El código de deserialización de GVariant es vulnerable a un desbordamiento del búfer introducido por la solución para CVE-2023-32665. • https://gitlab.gnome.org/GNOME/glib/-/issues/2840 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32611 – G_variant_byteswap() can take a long time with some non-normal inputs
https://notcve.org/view.php?id=CVE-2023-32611
14 Sep 2023 — A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Se encontró una falla en GLib. La deserialización de GVariant es vulnerable a un problema de desaceleración en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegación de servicio. USN-6165-1 fixed vulnerabilities in GLib. • https://access.redhat.com/security/cve/CVE-2023-32611 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29499 – Gvariant offset table entry size is not checked in is_normal()
https://notcve.org/view.php?id=CVE-2023-29499
14 Sep 2023 — A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. Se encontró una falla en GLib. La deserialización de GVariant no logra validar que la entrada se ajuste al formato esperado, lo que lleva a la denegación de servicio. USN-6165-1 fixed vulnerabilities in GLib. • https://access.redhat.com/security/cve/CVE-2023-29499 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32665 – Gvariant deserialisation does not match spec for non-normal data
https://notcve.org/view.php?id=CVE-2023-32665
14 Sep 2023 — A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Se encontró una falla en GLib. La deserialización de GVariant es vulnerable a un problema de explosión exponencial en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegación de servicio. USN-6165-1 fixed vulnerabilities in GLib. • https://access.redhat.com/security/cve/CVE-2023-32665 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32636 – glib: Timeout in fuzz_variant_text
https://notcve.org/view.php?id=CVE-2023-32636
16 Jun 2023 — A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. Se encontró una falla en glib, donde el código de deserialización gvariant es vulnerable a una denegación d... • https://gitlab.gnome.org/GNOME/glib/-/issues/2841 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3800 – glib2: Possible privilege escalation thourgh pkexec and aliases
https://notcve.org/view.php?id=CVE-2021-3800
10 Nov 2021 — A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. Se ha encontrado un fallo en glib versiones anteriores a 2.63.6. Debido a los alias de conjuntos de caracteres aleatorios, pkexec puede filtrar el contenido de los archivos propiedad de usuarios con privilegios a los que no los presentan bajo la condición apropiada. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 i... • https://access.redhat.com/security/cve/CVE-2021-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28153 – glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink
https://notcve.org/view.php?id=CVE-2021-28153
11 Mar 2021 — An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) Se detectó un problema en GNOME GLib versiones anteriores a 2.66.8.&... • https://gitlab.gnome.org/GNOME/glib/-/issues/2325 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2021-27219 – glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits
https://notcve.org/view.php?id=CVE-2021-27219
15 Feb 2021 — An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Se detectó un problema en GNOME GLib versiones anteriores a 2.66.6 y versiones 2.67.x anteriores a 2.67.3. La función g_bytes_new presenta un desbordamiento de enteros en plataformas de 64 bits debido a una conversión implícita de 64 bits a 32 bits. • https://gitlab.gnome.org/GNOME/glib/-/issues/2319 • CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-27218 – glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform
https://notcve.org/view.php?id=CVE-2021-27218
15 Feb 2021 — An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. Se detectó un problema en GNOME GLib versiones anteriores a 2.66.7 y versiones 2.67.x anteriores a 2.67.4. Si se llamó a la función g_byte_array_new_take() con un búfer de 4 GB o más sobre una plataforma de 64 bits, la longitud debería ser truncada módulo 2*... • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35457
https://notcve.org/view.php?id=CVE-2020-35457
14 Dec 2020 — GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented ** EN DISPUTA** GNOME GLib versiones anteriores a 2.65.3, presenta un desbordamiento de enteros, que podría conlleva... • https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •