CVE-2023-29499

Опубликовано: 14 сент. 2023

Источник: debian

EPSS Низкий

Описание

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

Пакет	Статус	Версия исправления	Релиз	Тип
glib2.0	fixed	2.74.4-1		package
glib2.0	fixed	2.66.8-1+deb11u1	bullseye	package

https://gitlab.gnome.org/GNOME/glib/-/issues/2794
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636
https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)

EPSS

Процентиль: 31%

0.0012

Низкий

CVE-2023-29499

CVSS3: 5.5

ubuntu

больше 2 лет назад

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

CVE-2023-29499

CVSS3: 6.2

redhat

больше 3 лет назад

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

CVE-2023-29499

CVSS3: 5.5

nvd

больше 2 лет назад

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

CVE-2023-29499

CVSS3: 5.5

msrc

около 1 года назад

Gvariant offset table entry size is not checked in is_normal()

GHSA-794g-pjcw-ggfp

CVSS3: 5.5

github

больше 2 лет назад

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

EPSS

Процентиль: 31%

0.0012

Низкий