rpm package
suse/glib2&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/glib2&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-32636 | — | < 2.54.3-150000.4.29.1 | 2.54.3-150000.4.29.1 | Sep 14, 2023 | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib bu | ||
| CVE-2023-32643 | — | < 2.54.3-150000.4.29.1 | 2.54.3-150000.4.29.1 | Sep 14, 2023 | A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to b | ||
| CVE-2023-32611 | — | < 2.54.3-150000.4.29.1 | 2.54.3-150000.4.29.1 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | ||
| CVE-2023-29499 | — | < 2.54.3-150000.4.29.1 | 2.54.3-150000.4.29.1 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | ||
| CVE-2023-32665 | — | < 2.54.3-150000.4.29.1 | 2.54.3-150000.4.29.1 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | ||
| CVE-2021-28153 | — | < 2.54.3-150000.4.29.1 | 2.54.3-150000.4.29.1 | Mar 11, 2021 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re | ||
| CVE-2021-27219 | — | < 2.54.3-4.24.1 | 2.54.3-4.24.1 | Feb 15, 2021 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | ||
| CVE-2021-27218 | — | < 2.54.3-4.24.1 | 2.54.3-4.24.1 | Feb 15, 2021 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. |
- CVE-2023-32636Sep 14, 2023affected < 2.54.3-150000.4.29.1fixed 2.54.3-150000.4.29.1
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib bu
- CVE-2023-32643Sep 14, 2023affected < 2.54.3-150000.4.29.1fixed 2.54.3-150000.4.29.1
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to b
- CVE-2023-32611Sep 14, 2023affected < 2.54.3-150000.4.29.1fixed 2.54.3-150000.4.29.1
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
- CVE-2023-29499Sep 14, 2023affected < 2.54.3-150000.4.29.1fixed 2.54.3-150000.4.29.1
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
- CVE-2023-32665Sep 14, 2023affected < 2.54.3-150000.4.29.1fixed 2.54.3-150000.4.29.1
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
- CVE-2021-28153Mar 11, 2021affected < 2.54.3-150000.4.29.1fixed 2.54.3-150000.4.29.1
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re
- CVE-2021-27219Feb 15, 2021affected < 2.54.3-4.24.1fixed 2.54.3-4.24.1
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
- CVE-2021-27218Feb 15, 2021affected < 2.54.3-4.24.1fixed 2.54.3-4.24.1
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.