Description
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.
Report
This vulnerability is rated Moderate for Red Hat products. A flaw in GLib's Unicode case conversion implementation can lead to memory corruption due to an integer overflow when processing specially crafted and extremely large Unicode strings. Applications that handle untrusted, large Unicode input and utilize GLib for string conversion may be susceptible, potentially resulting in crashes or instability.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | bootc | Fix deferred | | |
| Red Hat Enterprise Linux 10 | glib2 | Fix deferred | | |
| Red Hat Enterprise Linux 10 | glycin-loaders | Fix deferred | | |
| Red Hat Enterprise Linux 10 | loupe | Fix deferred | | |
| Red Hat Enterprise Linux 10 | mingw-glib2 | Fix deferred | | |
| Red Hat Enterprise Linux 10 | papers | Fix deferred | | |
| Red Hat Enterprise Linux 10 | rpm-ostree | Fix deferred | | |
| Red Hat Enterprise Linux 6 | glib2 | Fix deferred | | |
| Red Hat Enterprise Linux 7 | glib2 | Fix deferred | | |
| Red Hat Enterprise Linux 8 | glib2 | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 5.4 Medium