Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-32665

Опубликовано: 14 дек. 2022
Источник: redhat
CVSS3: 6.5

Описание

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

Отчет

This vulnerability allows for a denial of service attack to be performed against applications that process untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6glib2Out of support scope
Red Hat Enterprise Linux 7glib2Out of support scope
Red Hat Enterprise Linux 8glib2Affected
Red Hat Enterprise Linux 9glib2FixedRHSA-2023:663107.11.2023
Red Hat Enterprise Linux 9mingw-glib2FixedRHSA-2024:252830.04.2024
Red Hat Enterprise Linux 9glib2FixedRHSA-2023:663107.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2211827glib: GVariant deserialisation does not match spec for non-normal data

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-32665

CVSS3: 5.5
ubuntu
почти 2 года назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

nvd логотип

CVE-2023-32665

CVSS3: 5.5
nvd
почти 2 года назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

debian логотип

CVE-2023-32665

CVSS3: 5.5
debian
почти 2 года назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an ...

github логотип

GHSA-c9xj-rf55-c64g

CVSS3: 5.5
github
почти 2 года назад

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

fstec логотип

BDU:2023-07655

CVSS3: 5.5
fstec
около 5 лет назад

Уязвимость библиотеки Glib, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю вызвать отказ в обслуживании

6.5 Medium

CVSS3