Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-32665

Опубликовано: 14 сент. 2023
Источник: debian

Описание

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glib2.0fixed2.74.4-1package
glib2.0fixed2.66.8-1+deb11u1bullseyepackage

Примечания

  • https://gitlab.gnome.org/GNOME/glib/-/issues/2121

  • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125

  • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)

  • Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)

  • Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636

  • https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)

  • https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)

Связанные уязвимости

ubuntu логотип

CVE-2023-32665

CVSS3: 5.5
ubuntu
почти 2 года назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

redhat логотип

CVE-2023-32665

CVSS3: 6.5
redhat
больше 2 лет назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

nvd логотип

CVE-2023-32665

CVSS3: 5.5
nvd
почти 2 года назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

github логотип

GHSA-c9xj-rf55-c64g

CVSS3: 5.5
github
почти 2 года назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

fstec логотип

BDU:2023-07655

CVSS3: 5.5
fstec
около 5 лет назад

Уязвимость библиотеки Glib, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю вызвать отказ в обслуживании