Описание
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glib2.0 | fixed | 2.84.3-1 | package | |
| glib2.0 | not-affected | bookworm | package | |
| glib2.0 | not-affected | bullseye | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2372666
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655
Introduced wtih: https://gitlab.gnome.org/GNOME/glib/-/commit/34b7992fd6e3894bf6d2229b8aa59cac34bcb1b5 (2.75.3)
Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/33d9ba2fcc907b4f9a6c0540f9976b64b6f59db2 (2.85.1)
Backport: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4656
Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/987309f23ada52592bffdb5db0d8a5d58bd8097b (2.84.3)
Negligible security impact
EPSS
Связанные уязвимости
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
EPSS