CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32643
https://notcve.org/view.php?id=CVE-2023-32643
14 Sep 2023 — A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. Se encontró una falla en GLib. El código de deserialización de GVariant es vulnerable a un desbordamiento del búfer introducido por la solución para CVE-2023-32665. • https://gitlab.gnome.org/GNOME/glib/-/issues/2840 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32611 – G_variant_byteswap() can take a long time with some non-normal inputs
https://notcve.org/view.php?id=CVE-2023-32611
14 Sep 2023 — A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Se encontró una falla en GLib. La deserialización de GVariant es vulnerable a un problema de desaceleración en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegación de servicio. USN-6165-1 fixed vulnerabilities in GLib. • https://access.redhat.com/security/cve/CVE-2023-32611 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29499 – Gvariant offset table entry size is not checked in is_normal()
https://notcve.org/view.php?id=CVE-2023-29499
14 Sep 2023 — A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. Se encontró una falla en GLib. La deserialización de GVariant no logra validar que la entrada se ajuste al formato esperado, lo que lleva a la denegación de servicio. USN-6165-1 fixed vulnerabilities in GLib. • https://access.redhat.com/security/cve/CVE-2023-29499 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32665 – Gvariant deserialisation does not match spec for non-normal data
https://notcve.org/view.php?id=CVE-2023-32665
14 Sep 2023 — A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Se encontró una falla en GLib. La deserialización de GVariant es vulnerable a un problema de explosión exponencial en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegación de servicio. USN-6165-1 fixed vulnerabilities in GLib. • https://access.redhat.com/security/cve/CVE-2023-32665 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32636 – glib: Timeout in fuzz_variant_text
https://notcve.org/view.php?id=CVE-2023-32636
16 Jun 2023 — A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. Se encontró una falla en glib, donde el código de deserialización gvariant es vulnerable a una denegación d... • https://gitlab.gnome.org/GNOME/glib/-/issues/2841 • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2021-27219 – glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits
https://notcve.org/view.php?id=CVE-2021-27219
15 Feb 2021 — An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Se detectó un problema en GNOME GLib versiones anteriores a 2.66.6 y versiones 2.67.x anteriores a 2.67.3. La función g_bytes_new presenta un desbordamiento de enteros en plataformas de 64 bits debido a una conversión implícita de 64 bits a 32 bits. • https://gitlab.gnome.org/GNOME/glib/-/issues/2319 • CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-27218 – glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform
https://notcve.org/view.php?id=CVE-2021-27218
15 Feb 2021 — An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. Se detectó un problema en GNOME GLib versiones anteriores a 2.66.7 y versiones 2.67.x anteriores a 2.67.4. Si se llamó a la función g_byte_array_new_take() con un búfer de 4 GB o más sobre una plataforma de 64 bits, la longitud debería ser truncada módulo 2*... • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types •