Описание
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).
Отчет
This vulnerability is rated Moderate for Red Hat. An integer overflow in the g_buffered_input_stream_peek() function of the GLib library can lead to a Denial of Service. Exploitation requires specially crafted input and is subject to strict preconditions, primarily causing application crashes.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | bootc | Fix deferred | ||
| Red Hat Enterprise Linux 10 | glib2 | Fix deferred | ||
| Red Hat Enterprise Linux 10 | glycin-loaders | Fix deferred | ||
| Red Hat Enterprise Linux 10 | loupe | Fix deferred | ||
| Red Hat Enterprise Linux 10 | mingw-glib2 | Fix deferred | ||
| Red Hat Enterprise Linux 10 | papers | Fix deferred | ||
| Red Hat Enterprise Linux 10 | rpm-ostree | Fix deferred | ||
| Red Hat Enterprise Linux 6 | glib2 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | glib2 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | glib2 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS3
Связанные уязвимости
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).
A flaw was found in glib. Missing validation of offset and count param ...
3.7 Low
CVSS3