Description
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
An integer wraparound was discovered in glib due to passing a 64-bit value to the function g_memdup(), which accepts a 32-bit number as its size argument. An attacker may abuse this flaw when an application linked against the glib library uses the g_bytes_new() function, or possibly other functions that use g_memdup() underneath and accept a 64-bit argument as the size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Report
Applications that just use GBytes to access the data are affected by this flaw, but the highest threat is to data confidentiality and/or application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array, out-of-bounds writes might be possible because the size of the buffer is reported incorrectly. Applications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of a gsize. Directly passing a gsize value to g_memdup may therefore result in integer truncation, allocating a buffer smaller than expected.
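The truncation described above, with a length check placed in front of a 32-bit size parameter, as an added example that is not GLib's code or part of the original advisory. The names `memdup_u32`, `size_seen_by_u32` and `memdup_checked` are hypothetical, the sample data is constructed, and a 64-bit `size_t` is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with the same parameter width as g_memdup (guint is unsigned int).
 * Not GLib's code: it only models the 32-bit size parameter. */
static void *memdup_u32(const void *mem, unsigned int byte_size)
{
    if (mem == NULL || byte_size == 0)
        return NULL;
    void *copy = malloc(byte_size);
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* The length memdup_u32 actually receives when a caller passes a size_t. */
static size_t size_seen_by_u32(size_t requested)
{
    return (size_t)(unsigned int)requested;
}

/* Hypothetical guard: refuse any length the 32-bit parameter cannot hold,
 * so the caller never records a size larger than the allocation. */
static void *memdup_checked(const void *mem, size_t byte_size, size_t *out_len)
{
    *out_len = 0;
    if (byte_size > UINT_MAX)
        return NULL;
    void *copy = memdup_u32(mem, (unsigned int)byte_size);
    if (copy != NULL)
        *out_len = byte_size;
    return copy;
}

int main(void)
{
    static const char data[] = "constructed sample";
    size_t len = 0;
    void *ok = memdup_checked(data, sizeof data, &len);
    /* Constructed oversized length; rejected before any memory is read. */
    void *bad = memdup_checked(data, (size_t)UINT_MAX + 17u, &len);
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    free(bad);
    return rc;
}
```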
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | firefox | Not affected | | |
Red Hat Enterprise Linux 6 | thunderbird | Not affected | | |
Red Hat Enterprise Linux 9 | glib2 | Not affected | | |
Red Hat Enterprise Linux 6 Extended Lifecycle Support | glib2 | Fixed | RHSA-2021:2467 | 17.06.2021 |
Red Hat Enterprise Linux 7 | glib2 | Fixed | RHSA-2021:2147 | 31.05.2021 |
Red Hat Enterprise Linux 7.2 Advanced Update Support | glib2 | Fixed | RHSA-2021:2203 | 02.06.2021 |
Red Hat Enterprise Linux 7.3 Advanced Update Support | glib2 | Fixed | RHSA-2021:2173 | 01.06.2021 |
Red Hat Enterprise Linux 7.4 Advanced Update Support | glib2 | Fixed | RHSA-2021:2174 | 01.06.2021 |
Red Hat Enterprise Linux 7.4 Telco Extended Update Support | glib2 | Fixed | RHSA-2021:2174 | 01.06.2021 |
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | glib2 | Fixed | RHSA-2021:2174 | 01.06.2021 |
Additional information
Status:
EPSS
9.8 Critical
CVSS3