Description
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Report
Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-124: Buffer Underwrite ('Buffer Underflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Secure baseline configurations enforce strict memory handling policies, while change controls ensure any deviations are reviewed and approved. Least functionality reduces the attack surface by disabling unnecessary features that could introduce memory risks. Process isolation contains faults within individual workloads, minimizing broader impact. Real-time monitoring and malicious code protection detect and respond to abnormal memory behavior or exploitation attempts. Hardened configuration settings restrict low-level memory access, lowering the likelihood of unsafe operations. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against buffer underwrite exploits.
Mitigation
Currently, no mitigation is available for this vulnerability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | bootc | Fix deferred | | |
Red Hat Enterprise Linux 10 | glib2 | Affected | | |
Red Hat Enterprise Linux 10 | glycin-loaders | Fix deferred | | |
Red Hat Enterprise Linux 10 | loupe | Fix deferred | | |
Red Hat Enterprise Linux 10 | mingw-glib2 | Fix deferred | | |
Red Hat Enterprise Linux 6 | glib2 | Fix deferred | | |
Red Hat Enterprise Linux 7 | glib2 | Fix deferred | | |
Red Hat Enterprise Linux 8 | glib2 | Affected | | |
Red Hat Enterprise Linux 8 | librsvg2 | Fix deferred | | |
Red Hat Enterprise Linux 8 | mingw-glib2 | Fix deferred | | |
Additional information
Status:
EPSS
4.8 Medium
CVSS3