rpm package
almalinux/mingw64-glib2
pkg:rpm/almalinux/mingw64-glib2
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52533 | — | < 2.78.6-2.el9 | 2.78.6-2.el9 | Nov 11, 2024 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. | ||
| CVE-2024-34397 | Med | 5.2 | < 2.78.6-1.el9 | 2.78.6-1.el9 | May 7, 2024 | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals tha | |
| CVE-2023-32636 | — | < 2.78.0-1.el9 | 2.78.0-1.el9 | Sep 14, 2023 | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib bu | ||
| CVE-2023-32611 | — | < 2.78.0-1.el9 | 2.78.0-1.el9 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | ||
| CVE-2023-29499 | — | < 2.78.0-1.el9 | 2.78.0-1.el9 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | ||
| CVE-2023-32665 | — | < 2.78.0-1.el9 | 2.78.0-1.el9 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | ||
| CVE-2021-28153 | — | < 2.70.1-2.el9 | 2.70.1-2.el9 | Mar 11, 2021 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re | ||
| CVE-2021-27219 | — | < 2.66.7-2.el8 | 2.66.7-2.el8 | Feb 15, 2021 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | ||
| CVE-2021-27218 | — | < 2.66.7-2.el8 | 2.66.7-2.el8 | Feb 15, 2021 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. |
- CVE-2024-52533Nov 11, 2024affected < 2.78.6-2.el9fixed 2.78.6-2.el9
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
- affected < 2.78.6-1.el9fixed 2.78.6-1.el9
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals tha
- CVE-2023-32636Sep 14, 2023affected < 2.78.0-1.el9fixed 2.78.0-1.el9
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib bu
- CVE-2023-32611Sep 14, 2023affected < 2.78.0-1.el9fixed 2.78.0-1.el9
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
- CVE-2023-29499Sep 14, 2023affected < 2.78.0-1.el9fixed 2.78.0-1.el9
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
- CVE-2023-32665Sep 14, 2023affected < 2.78.0-1.el9fixed 2.78.0-1.el9
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
- CVE-2021-28153Mar 11, 2021affected < 2.70.1-2.el9fixed 2.70.1-2.el9
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re
- CVE-2021-27219Feb 15, 2021affected < 2.66.7-2.el8fixed 2.66.7-2.el8
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
- CVE-2021-27218Feb 15, 2021affected < 2.66.7-2.el8fixed 2.66.7-2.el8
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.