Описание
glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glib-networking | unfixed | package |
Примечания
https://gitlab.gnome.org/GNOME/glib-networking/-/issues/227
https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/263
Fixed by: https://gitlab.gnome.org/GNOME/glib-networking/-/commit/70df675dd4f5e4a593b2f95406c1aac031aa8bc7
OpenSSL backend disabled by default upstream and in Debian
EPSS
Связанные уязвимости
glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.
glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.
Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()
glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.
Уязвимость функцим g_tls_bio_new_from_iostream() и g_tls_bio_new_from_datagram_based() библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS