Описание
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glib2.0 | fixed | 2.86.3-1 | package | |
| glib2.0 | fixed | 2.84.4-3~deb13u2 | trixie | package |
| glib2.0 | fixed | 2.74.6-2+deb12u8 | bookworm | package |
Примечания
https://gitlab.gnome.org/GNOME/glib/-/issues/3827
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4915
Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/9bcd65ba5fa1b92ff0fb8380faea335ccef56253 (2.86.3)
Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/7e5489cb921d0531ee4ebc9938da30a02084b2fa (2.86.3)
Связанные уязвимости
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
