
CVE-2023-32611

Published: 14 Sep 2023
Source: debian
EPSS: Low

Description

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

Packages

| Package | Status | Fixed version | Release | Type |
| --- | --- | --- | --- | --- |
| glib2.0 | fixed | 2.74.4-1 | | package |
| glib2.0 | fixed | 2.66.8-1+deb11u1 | bullseye | package |

Notes

  • https://gitlab.gnome.org/GNOME/glib/-/issues/2797

  • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125

  • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)

  • Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)

  • Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636

  • https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)

  • https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)

EPSS

Percentile: 10%
0.00037
Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 2 years ago

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS3: 6.5
redhat
more than 2 years ago

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS3: 5.5
nvd
almost 2 years ago

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS3: 5.5
github
almost 2 years ago

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CVSS3: 5.5
fstec
more than 2 years ago

Vulnerability in the g_variant_byteswap() function of the Glib library that allows an attacker to cause a denial of service
