Vulnerabilites related to gnome - glib
Vulnerability from fkie_nvd
Published
2011-06-14 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | gdm | 1.0 | |
| gnome | gdm | 2.0 | |
| gnome | gdm | 2.2 | |
| gnome | gdm | 2.3 | |
| gnome | gdm | 2.4 | |
| gnome | gdm | 2.5 | |
| gnome | gdm | 2.6 | |
| gnome | gdm | 2.8 | |
| gnome | gdm | 2.13 | |
| gnome | gdm | 2.14 | |
| gnome | gdm | 2.15 | |
| gnome | gdm | 2.16 | |
| gnome | gdm | 2.17 | |
| gnome | gdm | 2.18 | |
| gnome | gdm | 2.19 | |
| gnome | gdm | 2.20 | |
| gnome | gdm | 2.21 | |
| gnome | gdm | 2.22 | |
| gnome | gdm | 2.23 | |
| gnome | gdm | 2.24 | |
| gnome | gdm | 2.25 | |
| gnome | gdm | 2.26 | |
| gnome | gdm | 2.27 | |
| gnome | gdm | 2.28 | |
| gnome | gdm | 2.29 | |
| gnome | gdm | 2.30 | |
| gnome | gdm | 2.31 | |
| gnome | gdm | 2.32 | |
| gnome | gdm | 2.32.1 | |
| gnome | glib | 2.28 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:gdm:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D650E6-F568-4B7F-8913-3DC10E8F4201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3296F925-6D41-4DA7-BDB2-3B04CF22A53B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7960EC63-69CF-474C-996C-E431CCDD07E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A38317A3-3725-4F32-B675-00F8FB288F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F01AD1-EB1B-4932-B8D7-CBC899B1A02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B760EB2A-6461-477F-B7E5-857117E21AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "973BF2BF-BBF7-41F6-9E38-5150BC8AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7756E66E-2296-4B20-ABC0-B1A2ACF2657B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BC30F499-35B6-40BB-A420-A55F6993DF3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "70640B9F-4EAA-4513-80E4-9DD4A862F27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "27A6CC80-BC52-4B39-9424-E96DDA03666E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "832DE81E-18BB-4276-A6B0-F316A322E83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "898A4607-107C-460F-8CF8-DEF63876B1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "638AAAB0-2077-49F1-A909-0814C94EF96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "14C57E06-FBAB-4950-810D-ADDD74D271FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF56331-0008-4DFE-AB33-08399E48F499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA4F51E-0ACE-4B31-BC58-027691C04941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C37ED748-3C65-45B7-B59E-718A14295E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF1C68D-408A-4150-92C5-C2C392410282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1C364D-5DDF-4B95-9545-AD3C6FD9C744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C0790-C762-48E4-A0BB-9FAD864AA913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "062D578B-AEF0-452C-A3AA-4A0D3F919F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDEFAD-DE2B-4E1E-B155-203E7CEFCFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CD4961-40FC-4A01-A0D3-B904F479BAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C3AC2D-F24A-4F0E-9433-1516BC61209A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF547BB-BD34-4A38-B01A-E0059F70F7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB2319A-2356-492A-A479-57F8D546E688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "59F0314A-4DA4-4767-8FC0-D372302E5F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:gdm:2.32.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B7C06C5-B328-47A2-8567-437A5B96FF1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "1A422B66-EC3B-4A01-8FCF-76716E2A23FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
},
{
"lang": "es",
"value": "GNOME Display Manager (GDM) antes de v2.32.2, cuando se utiliza glib v2.28, permite la ejecuci\u00f3n de un navegador web con el uid de la cuenta de gdm, que permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores implican el tipo MIME x-scheme-handler/http."
}
],
"id": "CVE-2011-1709",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-14T17:55:03.673",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44797"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/44808"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
},
{
"source": "cve@mitre.org",
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/8643655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-14 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E33D2D6B-E8B6-4E5D-947D-FC70AE19D84E",
"versionEndIncluding": "2.31.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A019E2C1-00F1-4EDC-B1B7-E652558E7BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.1.12-1:*:*:*:*:*:*:*",
"matchCriteriaId": "24DA7BB1-8D7F-400A-A3B3-B23947718C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "60B7BBD5-6B5E-4B58-BD1E-27B1F36F045E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "672BB384-C763-48B4-9C58-FE7BEA8D8EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0312B86-2D02-4512-9696-11B445D725AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C41709-F685-4BAD-8767-0450F97C67F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96C078E7-9C3E-4661-90A2-9C2113298545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2362410B-318B-4736-BAD9-CFB8C3D4C434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CE045C39-C64D-43DF-85B5-6EB60C0F947D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB16B7B1-A46F-4A79-8A58-C570E6662FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C349526C-B866-45B5-939C-E4DFA80FBC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4FC22F-5EA0-4053-B242-CED3AB9F6241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2462C081-44BD-4CF8-A1AE-AC200E03AFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49AB308A-7E41-4AF8-89F2-AC5C479E96D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70634385-5DDA-4B0B-BC67-C2E928503DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB3C2C5-1058-4DE9-A1F2-244DF58D2176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6D891095-A6AE-407B-B021-63E93129332B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0B7C20-8A80-415B-B5CE-4684441E7D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8A245FB4-5D75-48EB-B9E0-0AAD1B8440BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F23134-8B38-4E92-8F37-8A7D0284A463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEE8E5E-D1EE-4568-8DB6-11671AD6077D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "510CF799-7651-4494-A420-6BD7CAF89A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36B6E8F4-AFE4-4282-BA64-A9EE04DB221B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C8750F-03E2-42BC-A943-9FE07915FA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABDC0CF-DF74-4CDD-9063-CA286A717697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA541678-D8C0-4DBD-B0A6-A5BB6A940E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "28094321-272A-42EB-8050-40394B203DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E199DCA-171C-48BD-9DCF-16F2DDFA708A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CBB1AF-0146-4DA9-91BA-D01BFC8CD789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E59C5A26-2A8D-4DED-B8B8-D35265CAD9C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F901325E-726C-47DF-B37E-502EDDF2FE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE8A0A9-BF35-49B8-88B6-F0EEE3951C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B758C20-D816-4A10-913E-B909099AEDBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E98782A-2074-40D7-A9FE-4A8DFC8176EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC272403-E703-45E6-85BC-44EC3EB3068C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3482E431-54F9-4F55-916F-85929DDABD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF373A34-1893-4F3C-AAC5-47385704C9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D74CF1B8-EBF2-43A5-A963-70D8A39D6547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6E294C-5A95-45F2-9F4B-8CD9F882FFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA247204-6B7F-49FF-9C03-F9748364FEC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "906372CF-C6C4-480B-BE31-6023795A6B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCC9A4-3745-4F2A-BB22-AA6E689B6B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDC2DF2-692E-403D-98F5-76F356A18154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B58B8C78-7161-417F-8E32-3AC9B02BB417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "649167AE-BE01-48A7-B6DE-9A4A3F81C50D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF1DA5-2A25-4A05-8EDD-3D5C8F0A0AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07BEBD23-C23B-4064-BAD7-461BCDE04248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "241DEF44-E42E-4FF9-8E09-5320A3C67FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA04459A-9251-4D1C-A197-611AE002AF49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6013BA3-8F79-43DA-A8CF-2C385586D34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "404326F8-9395-409F-B75B-7ED3A1D26945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E14741D3-0AC2-43EC-8EFC-A1D85EA1932E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93F5B07B-BCC1-4D25-B7AE-BC1D4FEF712F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7150A774-3016-4068-8A96-33B6273CAE60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D4511C39-2A02-4B80-9BAA-290BAC6FE7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2254AD24-F049-4E72-A72E-4243B20AD3EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC437394-7F10-47F8-8023-086F7F2B7823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6858B0FA-F741-434C-8FA8-D715BA0CDB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8E3DE-D89A-4B02-A023-164BF46879F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "960AAF9F-B71F-4476-B7A7-3541D9934D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F68A6A8F-30FE-4A24-96BA-957271C91F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAEBAD9-8A85-45A6-9F05-07B655DDC03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAE97B9-AE2D-4176-A125-8E91AB08838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC0E8CF-47F0-460F-A300-E6EE2B31A3DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0FAEA8-8341-4027-8333-006A92722479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "237012CA-2C58-4012-B619-51DE8A144E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D9E41E-C186-4848-ACE1-81E8CC3C7435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4530B0A3-69D5-4D42-BEF5-CDD0F2D09A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F94E48C-21AF-4B78-B9D7-321D440FD1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACE0005-BB8F-4992-B494-AF1CF711984B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0AC803-DB9F-400A-945D-11668A2DCBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E94F609-CCD7-439E-BD42-BF20522B159F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A31B0AF3-F675-4F2F-80EE-E7868BABADFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A501A3B-5805-4319-A595-E21E2B69CBE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1769BD03-543D-43E4-B594-B16FFA15B4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3105DFC-7F56-462B-903F-F00E8866CA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27ECFE5C-6DF4-479A-8476-9999B6400989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6126D4C1-0A95-4AF9-9AD5-DE7A13D3FF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "880E7538-6E48-4F3B-9DAB-552382967E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DFABF7-98BD-4849-8AB4-C2BB72DD175F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D99467-96E1-4286-A5A5-C03A80F3A6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D37A6E2F-856B-4CE3-BC10-11552E74F9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9510301D-6814-4F81-8E4D-A6D0C3311264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF350E8-61BF-4A05-8210-39E448F4DD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D39C95-819B-45A6-A5C1-8C2E2F8E1FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A7042E-8093-49C5-9545-00BBBE981615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95925F5C-536A-4DB0-87A3-C420964152EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "618A2826-7A48-4110-BE89-B6BF88D6AFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5A7102-4765-46FC-BF2E-58071CCE6B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F49DD8ED-F7A3-4B8C-84E0-5CF7488A97BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3FC6F03-7941-4714-8215-139EBB670BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8C0B5C-045F-4AD9-943A-D2BDC2098DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2A8F1D-0C79-424C-A24E-08896CDD2E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DEAFBD6-D41B-4459-AE9E-C76072427552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFC0AD3-3E00-4729-9505-4B12B49FF532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAC3499-6A94-4C5A-A866-EFC523973F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7084502-B4E4-4342-ACDF-2C571DE7DF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84FBC99A-F25C-42B6-BD11-F63BD09E31AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF82B19-75B5-4A26-BD82-F92ECB0B82B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E6266F39-3DFC-4D4A-BAE8-E6C9B7622A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F3EE21-04E3-40A9-806B-21113170F976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB91A000-AEEE-4437-B266-8E08541162B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3D9ED6-7915-49F6-8A69-71B12ADA57EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C827838A-564A-4FEF-BFFE-746AE1A7A0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1359A1D-380D-4437-975B-2F318A7C812A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAF41CA-7F6E-450E-A210-796352FE375B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FF573B76-3BA4-4E26-AE83-3423522B2660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D10FCF77-2029-4247-8271-2A519C40B8E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D30790DC-6A65-4B67-9099-4C4CA6B5B9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5802E-7FE3-465C-B0C3-678940F8B331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4D24AD-D99C-41D5-B375-459AD61B97E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB25153-5691-4D26-B8B4-3990B4A257E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F5139BCA-916B-4A1A-8959-DB6B15D25158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "23BF1ADE-2FB4-4E99-9266-CC661C4E3304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B11B2FB1-0BED-4E36-8F59-B65AE140A678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.12.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C2F55F-2FCA-4CBA-9EA8-24CFB6C08A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD689991-73C3-46BF-97F8-AA0E33206611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA556C59-DF48-42C5-AAC8-5B9100621E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8787C5-C512-4CE0-9627-F4030BD22B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FF9E3A-9F0C-41ED-994B-0B6989EE11B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D709FB45-4641-46DF-A20A-1479DEA2A2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "938EF17B-1506-4CBC-AA07-9CDC15D6D86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "87AC6CC9-6282-4475-9F55-AB87117D9167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DC95E9-C884-4828-93D3-4D699BF07844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70BE7B9C-D09C-446D-A070-0CCE1E02A758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "746674E9-82DE-4170-BCAD-39BE7DFF5EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8A4585-4992-4857-99B3-4B53D561E10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7E8B23-8E3E-4507-B54F-D8905FFD859A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE194F9D-B26E-489B-9D38-DCFF27039C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72B0EB43-FD63-442A-A851-2985467AAA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B29EF90F-50F8-4333-88C4-812A5C3BD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E95034A-16E4-4E2A-85A8-DBCF3DFEE8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "210B0482-CF83-4B4D-9FC4-A56FD4D5E600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4DB1E7-7ECF-4884-AE56-173BC8E5204A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC5D2E-7996-416A-B384-08A16C867333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "29AD7584-AB77-47EB-99B2-E0DC7ED73D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CFB8E1D-8A30-4656-97BC-606826E24E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54D8107C-5DE3-441A-9364-68A385D0B1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F24BE7-8537-4EB6-B723-0CEC665C7DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EE898B-E751-47EB-991F-BBDA5F2070F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "381BB977-B591-4FCD-AC9D-8AFE1AFAA7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A36251E-1D68-4859-B304-92E384E4CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08735563-21CD-4290-8115-B2AF70D481DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53E07683-77FA-4FAF-9545-371C40C70744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "801D4C20-C9B2-482F-9D6A-9F782BDB763A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DE46DA-CCF0-40AE-A7D7-33276640643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30C4DD4C-C60F-4F6A-B003-2955B9EC0B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC36329C-6057-4346-AA65-CB2312920A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1228F0C2-E66A-4F48-AE0A-9AD0552E9959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4A5BA6-FE9A-45AE-AF05-32A2557EBB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6C36-A52E-4253-964B-4B9B337F2A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE12FC33-67DD-4DDF-AFB7-FD8C5BD654BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87F6AD5A-BDC8-4F94-9725-D298FA6CF8D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9792FE7E-909E-4699-A6C8-BF0D793DB8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69A70A71-A500-44F1-89D2-DBDE0353E375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70055D77-2D82-415E-AB81-B735FE31AD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0462CD-2DE7-4645-8B89-E33519FDA6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA31369-73AA-4391-9F5A-A4EC1D762C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72399688-2668-4C71-9BF5-36C5BDEC01B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "640B86E0-79F3-49E2-8E6D-D28D1D36B461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5A8B88-960D-46E9-AD32-492DBD6C78D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8832DF3C-27FA-4D4C-96EC-E11D3C7B8198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E86E11-F6F8-43B7-A9E5-C6042F42BB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBD2138-50FB-4AC5-9F02-D8E6CF5B9E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.6:*:*:*:*:*:*:*",
"matchCriteriaId": "49CB6D91-3B73-4A8D-A80C-B9BC3912D1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCEE124A-AE8B-424E-85CE-C092C3404A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D52BDC0D-4AB1-40F3-9EA2-705760E7988C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "373D9087-DD0D-4EFC-8792-1D73C7045481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9945A57-E353-49E3-B18F-A92B5B21327F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D58254F-C7AE-4AC6-ADC7-60A26DDA9626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3938298-2B6F-45D7-BF8D-3BA7C07F2407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A25B8BF-83E0-422B-8BC9-3B43F8DC91C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FFD884-169B-4C8F-B04C-F55483874F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EB7EA2-FD54-440D-9EB6-986D47E18DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE297118-6664-4C2D-9B33-52C4E8F92B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2F9194-3257-40C5-A9E7-5193E209482F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91DB4202-A360-4BB7-8007-654B317CFF0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC38396-6C14-4FE8-A4BF-AE0F5D322000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CA33CE-C891-4695-819F-A2874D6EBF29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0C804D-94D5-4BDB-9583-64144A1D0CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.21.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E43D8D0D-2FB8-473D-8CB4-BA7EB7CAE7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.21.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDA49E4-A31B-4EA6-B237-26CE287B066C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5101C860-19E6-4A94-9E53-E71690E76225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56710061-5DF5-4349-A293-7FE7697BF0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB4B255-9380-49BA-BF6A-E3088B4A99AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "80F24DFC-08D6-495F-AC73-401BEA09A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "14FE64F8-60CE-471E-B479-4C6D300317A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.22.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EDB1C3-FFA0-4C20-BCCE-B1F0FE415764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D248ABE5-8A99-4CB4-9000-A4F5071B8399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "287307F3-9FCB-4C57-9F94-762C1A02626D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD401FE-8DA7-4539-9C94-EB88D0D251E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E3A8D7-7BAD-412B-BF86-70D018C698AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F55A270B-FF4C-4E28-B30E-3889B4CDDC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB41AC9D-262D-403F-B3D8-CA02FB8B05D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.23.6:*:*:*:*:*:*:*",
"matchCriteriaId": "35BC0308-3EE8-44F2-9594-11BA29AD846F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA98A10-F4AA-427E-B446-7EBB7FB886DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "658C2767-5088-4406-B9A9-9DDCB2072BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03BF4127-5AA8-482E-BA22-C10056591369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA9D127-2FCD-4575-8737-8D2DC1FE5936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B447B629-6679-474F-BBC1-B3BAE421A3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.2:*:*:*:*:*:*:*",
"matchCriteriaId": "672A59AC-85A6-4305-A98C-62AC7533D673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE154243-00FB-4A94-A800-81A1242770A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C5A258-9040-46CF-ABCC-DB6019118134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.5:*:*:*:*:*:*:*",
"matchCriteriaId": "248D3C5A-3C8D-4B51-A330-01AB6F173295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EC25087C-51ED-4C62-8CA5-0147C53B586A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CADCC72F-8E9D-442B-801E-28A6B3BDDC61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03D026-9AF3-4596-87FA-679FA561BF50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9D57EA-11E9-425B-878A-7354477BDFD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.10:*:*:*:*:*:*:*",
"matchCriteriaId": "10374333-2005-47C1-A3FF-C4D389214CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA6C943-FD5A-451C-851C-DAB636BB12EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.12:*:*:*:*:*:*:*",
"matchCriteriaId": "23673B95-5F6E-45EB-8DE0-954EB6BB989E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.13:*:*:*:*:*:*:*",
"matchCriteriaId": "40B0D082-1091-4439-A68C-DE83AD0FA678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1912AF93-900A-4784-8458-32BF29E30219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.15:*:*:*:*:*:*:*",
"matchCriteriaId": "402CFA41-C44B-45B6-A15D-E26B880CAFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7DA8D-4E52-429A-BFE0-855F7999B9D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.25.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E797B88E-D360-4173-8523-77AB3A25F18E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D3B39B-071E-4C9C-A35A-359972707183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B74892B3-DD84-40B8-9B4B-B6FA9CA96D6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C3EB9A-E3D1-4392-B16B-CBF4E7454AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4F8891-BEF9-4473-B73D-8C6AE70580DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A78AC94-EED8-44E0-A578-C775BAD825A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8B4B0D-6DC4-446D-948A-8725D837D787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0863DDB-0A4D-42D7-BB77-303F14989A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A813861A-8EC7-4DC4-B1AB-EEE89EFC1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.90:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAD6161-6A83-49F8-9E76-E018F77EC428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.91:*:*:*:*:*:*:*",
"matchCriteriaId": "06E413BD-8F46-4FC6-81E3-B34F7B8D6BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.92:*:*:*:*:*:*:*",
"matchCriteriaId": "AD326A7C-A301-407A-99D9-F3B2986F4E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.27.93:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5E83AC-E077-4606-A923-28F5F6E0F35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "1A422B66-EC3B-4A01-8FCF-76716E2A23FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE23196-1A02-47C2-9803-DAC53FAD4C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C02876-9CAA-4B4B-9204-303EE19BB111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B290C696-E5AF-4F3F-B66A-3BB5E4D3A074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7C70AD-610B-4D30-A90F-67D21CD56D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA529859-924C-458E-B7EC-CE6D4A5F22E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A96EB4-0FF2-464D-A7EA-1458098B02F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0C38A1-9E62-405E-935E-769D43330C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D469426-87D7-42FC-8851-9104CDA66D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.28.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9A39F9CC-2B57-4A3D-BCB7-CFA1E0D91017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17CAE7D9-4756-4250-8851-6AC6D65B3B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E40ABB3-7F73-43E5-ACD3-DDAE9E6CE8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.6:*:*:*:*:*:*:*",
"matchCriteriaId": "468BE819-5361-491F-96DF-6B47CE86DB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4038B917-1788-4F9E-B279-B322CB45B370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C54CB850-3DF3-4DDC-ADAF-2FEC561CBAA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.12:*:*:*:*:*:*:*",
"matchCriteriaId": "29233076-0584-4250-BF37-70BBA0622424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBE6222-F9BB-443D-820C-35DB380B8A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.16:*:*:*:*:*:*:*",
"matchCriteriaId": "464C31AE-DA2F-4C2D-97BF-E8E6AB2C1D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2639793F-B988-4979-AF00-9DDB6AAF470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F322820C-3D71-4D16-A676-729E106CE17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.29.92:*:*:*:*:*:*:*",
"matchCriteriaId": "47A1B068-6936-46DA-BE2A-867F7D93F483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86AF4E55-3250-44EA-95C1-7F14F3432DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.30.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15173499-EF58-463F-9296-28D5B6FD725F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.30.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9A39FA-B2AA-48B5-9DAA-CDE839E0C56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDC6F24-35F5-4306-A472-2A73BC08ACB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.31.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6064D3-2E39-4018-B8E1-AB38A19D8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.31.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE8B86AB-4FAA-4AEA-88D7-028F4C37F0A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.31.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7E266D-3993-49CB-964E-DF4CB3B730A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "secalert@redhat.com",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application."
},
{
"lang": "es",
"value": "** DISPUTADA ** GLib 2.31.8 y anteriores, cuando la funci\u00f3n g_str_hash est\u00e1 utilizada, calcula los valores hash sin restringir la capacidad de provocar colisiones previsibles, lo que permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de entradas manipuladas en una aplicaci\u00f3n que mantiene una tabla hash. NOTA: este problema lo puede disputar el proveedor, la existencia de la funci\u00f3n g_str_hash no se tarta de una vulnerabilidad en la librer\u00eda, porque llamadores de g_hash_table_new y g_hash_table_new_full pueden especificar una funci\u00f3n hash arbitraria que sea apropiada para la aplicaci\u00f3n."
}
],
"id": "CVE-2012-0039",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2012-01-14T17:55:01.257",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044"
},
{
"source": "secalert@redhat.com",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2012/01/10/12"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2012/01/10/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772720"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-14 20:15
Modified
2024-11-21 07:57
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38",
"versionEndExcluding": "2.74.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. La deserializaci\u00f3n de GVariant no logra validar que la entrada se ajuste al formato esperado, lo que lleva a la denegaci\u00f3n de servicio."
}
],
"id": "CVE-2023-29499",
"lastModified": "2024-11-21T07:57:10.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-14T20:15:09.420",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-04 00:29
Modified
2024-11-21 03:52
Severity ?
Summary
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | 2.56.1 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:2.56.1:*:*:*:*:*:*:*",
"matchCriteriaId": "784A5B8E-F33F-4926-9E40-D79AA9E25932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference."
},
{
"lang": "es",
"value": "En GNOME GLib 2.56.1, g_markup_parse_context_end_parse() en gmarkup.c tiene una desreferencia de puntero NULL."
}
],
"id": "CVE-2018-16428",
"lastModified": "2024-11-21T03:52:44.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T00:29:01.557",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2020/02/14/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105210"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1364"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2020/02/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-14 20:15
Modified
2024-11-21 08:03
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38",
"versionEndExcluding": "2.74.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en glib, donde el c\u00f3digo de deserializaci\u00f3n gvariant es vulnerable a una denegaci\u00f3n de servicio introducida por una validaci\u00f3n de entrada adicional agregada para resolver CVE-2023-29499. La validaci\u00f3n de la tabla de desplazamiento puede ser muy lenta. Este error no afecta a ninguna versi\u00f3n publicada de glib, pero s\u00ed afecta a los distribuidores de glib que siguieron las instrucciones de los desarrolladores de glib para respaldar la soluci\u00f3n inicial para CVE-2023-29499."
}
],
"id": "CVE-2023-32636",
"lastModified": "2024-11-21T08:03:44.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-14T20:15:09.653",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-14 20:15
Modified
2024-11-21 08:03
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38",
"versionEndExcluding": "2.74.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. La deserializaci\u00f3n de GVariant es vulnerable a un problema de explosi\u00f3n exponencial en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2023-32665",
"lastModified": "2024-11-21T08:03:48.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-14T20:15:09.883",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-28 13:15
Modified
2025-08-13 19:40
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2025-4056 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2362826 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://gitlab.gnome.org/GNOME/glib/-/issues/3668 | Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5482ED3A-BF19-4797-82A5-0EAEA4D97D82",
"versionEndExcluding": "2.84.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. En plataformas Windows, puede producirse una denegaci\u00f3n de servicio si una aplicaci\u00f3n intenta generar un programa mediante l\u00edneas de comando largas."
}
],
"id": "CVE-2025-4056",
"lastModified": "2025-08-13T19:40:02.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-28T13:15:30.177",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-4056"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362826"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3668"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-14 23:15
Modified
2024-11-21 05:27
Severity ?
Summary
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d | Patch, Vendor Advisory | |
| cve@mitre.org | https://gitlab.gnome.org/GNOME/glib/-/issues/2197 | Exploit, Vendor Advisory | |
| cve@mitre.org | https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/glib/-/issues/2197 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD090CE9-211D-48D6-AE92-BBAFA45A08C5",
"versionEndExcluding": "2.65.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor\u0027s position is \"Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries().\" The researcher states that this pattern is undocumented"
},
{
"lang": "es",
"value": "** EN DISPUTA** GNOME GLib versiones anteriores a 2.65.3, presenta un desbordamiento de enteros, que podr\u00eda conllevar a una escritura fuera de l\u00edmites, en la funci\u00f3n g_option_group_add_entries.\u0026#xa0;NOTA: la posici\u00f3n del proveedor es \"Realistically this is not a security issue\". El patr\u00f3n est\u00e1ndar es que las personas que llaman proporcionen una lista est\u00e1tica de entradas de opciones en un n\u00famero fijo de llamadas a la funci\u00f3n g_option_group_add_entries(). El investigador afirma que este patr\u00f3n est\u00e1 indocumentado"
}
],
"id": "CVE-2020-35457",
"lastModified": "2024-11-21T05:27:19.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-14T23:15:12.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2197"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-12 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gimp | gimp | * | |
| gnome | glib | * | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E253428-AC8A-42CB-B8BC-F803F24BD112",
"versionEndIncluding": "2.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F756960-3636-47A5-97DC-0033DC6B8450",
"versionEndIncluding": "2.24.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en la funci\u00f3n load_image en file-xwd.c del plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones, cuando se usa en glib anterior a la versi\u00f3n 2.24, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de valores de grandes entradas de color en un volcado de imagen X Window System (XWD)."
}
],
"id": "CVE-2013-1913",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-12T18:55:10.710",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64105"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=947868"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=947868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-01"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-14 20:15
Modified
2024-11-21 08:03
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "510DFD41-BCB1-4BCA-B1CE-261DFAB2BD8A",
"versionEndExcluding": "2.75.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. El c\u00f3digo de deserializaci\u00f3n de GVariant es vulnerable a un desbordamiento del b\u00fafer introducido por la soluci\u00f3n para CVE-2023-32665. Este error no afecta a ninguna versi\u00f3n publicada de GLib, pero s\u00ed afecta a los distribuidores de GLib que siguieron las instrucciones de los desarrolladores de GLib para respaldar la soluci\u00f3n inicial para CVE-2023-32665."
}
],
"id": "CVE-2023-32643",
"lastModified": "2024-11-21T08:03:45.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-14T20:15:09.770",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2840"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20240426-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240426-0005/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-15 17:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| gnome | glib | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | e-series_performance_analyzer | - | |
| broadcom | brocade_fabric_operating_system_firmware | - | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75B40F42-BA65-4AAE-AA5B-34D0AD59E17F",
"versionEndExcluding": "2.66.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6011C526-C3E7-42A9-AAE8-16AE5CE53C0B",
"versionEndExcluding": "2.67.3",
"versionStartIncluding": "2.67.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en GNOME GLib versiones anteriores a 2.66.6 y versiones 2.67.x anteriores a 2.67.3.\u0026#xa0;La funci\u00f3n g_bytes_new presenta un desbordamiento de enteros en plataformas de 64 bits debido a una conversi\u00f3n impl\u00edcita de 64 bits a 32 bits.\u0026#xa0;El desbordamiento podr\u00eda conllevar a una corrupci\u00f3n de la memoria"
}
],
"id": "CVE-2021-27219",
"lastModified": "2024-11-21T05:57:37.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-15T17:15:13.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-11 22:15
Modified
2024-11-21 05:59
Severity ?
Summary
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| broadcom | brocade_fabric_operating_system_firmware | - | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAE1174-32D0-4FB9-94D8-E3EE23AEC070",
"versionEndExcluding": "2.66.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)"
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en GNOME GLib versiones anteriores a 2.66.8.\u0026#xa0;Cuando es usada la funci\u00f3n g_file_replace() con G_FILE_CREATE_REPLACE_DESTINATION para reemplazar una ruta que es un enlace simb\u00f3lico colgante, tambi\u00e9n crea incorrectamente el destino del enlace simb\u00f3lico como un archivo vac\u00edo, lo que posiblemente podr\u00eda tener relevancia de seguridad si el enlace simb\u00f3lico est\u00e1 controlado por un atacante.\u0026#xa0;(Si la ruta es un enlace simb\u00f3lico para un archivo que ya existe, entonces el contenido de ese archivo permanece sin cambios correctamente)"
}
],
"id": "CVE-2021-28153",
"lastModified": "2024-11-21T05:59:11.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-11T22:15:12.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2325"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-07 18:15
Modified
2025-06-18 14:36
Severity ?
Summary
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| gnome | glib | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 | |
| netapp | ontap_tools | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4348437A-2040-43EA-8997-57EA6EB39B0B",
"versionEndExcluding": "2.78.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69EB147E-F215-48D7-BF1F-60583D3AD1A0",
"versionEndExcluding": "2.80.1",
"versionStartIncluding": "2.79.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "5333B745-F7A3-46CB-8437-8668DB08CD6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GNOME GLib anterior a 2.78.5 y en 2.79.x y 2.80.x anterior a 2.80.1. Cuando un cliente basado en GDBus se suscribe a se\u00f1ales de un servicio de sistema confiable, como NetworkManager, en un ordenador compartido, otros usuarios del mismo ordenador pueden enviar se\u00f1ales D-Bus falsificadas que el cliente basado en GDBus interpretar\u00e1 err\u00f3neamente como enviadas por el mismo. servicio de sistema confiable. Esto podr\u00eda provocar que el cliente basado en GDBus se comporte incorrectamente, con un impacto que depende de la aplicaci\u00f3n."
}
],
"id": "CVE-2024-34397",
"lastModified": "2025-06-18T14:36:02.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-07T18:15:08.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0008/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-12 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gimp | gimp | * | |
| gnome | glib | * | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E253428-AC8A-42CB-B8BC-F803F24BD112",
"versionEndIncluding": "2.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F756960-3636-47A5-97DC-0033DC6B8450",
"versionEndIncluding": "2.24.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n read_xwd_cols en file-xwd.c en el plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un volcado de imagen X Window System (XWD) con m\u00e1s colores que las entradas del mapa de color."
}
],
"id": "CVE-2013-1978",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-12T18:55:10.757",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64098"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201603-01"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-09 20:15
Modified
2024-11-21 05:36
Severity ?
Summary
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73D3EA88-DAC7-42CB-B866-231ADC38EA4A",
"versionEndIncluding": "2.62.4",
"versionStartIncluding": "2.60.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected."
},
{
"lang": "es",
"value": "GSocketClient en GNOME GLib versiones hasta 2.62.4, ocasionalmente puede conectarse directamente a una direcci\u00f3n de destino en lugar de conectarse por medio de un servidor proxy cuando se configur\u00f3 para hacerlo, porque el campo proxy_addr es manejado inapropiadamente. Este error depende de la sincronizaci\u00f3n y puede ocurrir solo espor\u00e1dicamente dependiendo de los retrasos de la red. La mayor relevancia de seguridad se encuentra en los casos de uso donde es utilizado un proxy para ayudar con la privacidad y el anonimato, aunque no existe una barrera t\u00e9cnica para una conexi\u00f3n directa. NOTA: las versiones anteriores a 2.60 no est\u00e1n afectadas."
}
],
"id": "CVE-2020-6750",
"lastModified": "2024-11-21T05:36:07.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-09T20:15:11.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1989"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEM7MMAXMWCDPUH4MTUZ763MBB64RRLJ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200127-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEM7MMAXMWCDPUH4MTUZ763MBB64RRLJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200127-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-14 20:15
Modified
2024-11-21 08:03
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75A30FA8-F2FB-4637-9EBB-5F2F8D057180",
"versionEndExcluding": "2.74.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. La deserializaci\u00f3n de GVariant es vulnerable a un problema de desaceleraci\u00f3n en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2023-32611",
"lastModified": "2024-11-21T08:03:41.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-14T20:15:09.550",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 08:29
Modified
2024-11-21 04:52
Severity ?
Summary
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107391 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://gitlab.gnome.org/GNOME/glib/issues/1649 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107391 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/glib/issues/1649 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:2.59.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A458C7A4-9CAA-4788-AE15-F8C9055980F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany)."
},
{
"lang": "es",
"value": "gio/gsocketclient.c en GNOME GLib, en su versi\u00f3n 2.59.2, no garantiza que un GTask padre permanezca vivo durante la ejecuci\u00f3n de una enumeraci\u00f3n de intento de conexi\u00f3n, lo que permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (mala gesti\u00f3n de g_socket_client_connected_callback y cierre inesperado de la aplicaci\u00f3n) mediante un sitio web manipulado, tal y como queda demostrado con GNOME Web. Este \u00faltimo tambi\u00e9n se conoce como Epiphany."
}
],
"id": "CVE-2019-9633",
"lastModified": "2024-11-21T04:52:00.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T08:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107391"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1649"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-11 23:15
Modified
2025-06-17 01:23
Severity ?
Summary
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.gnome.org/GNOME/glib/-/issues/3461 | Exploit, Issue Tracking | |
| cve@mitre.org | https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 | Release Notes | |
| cve@mitre.org | https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/11/12/11 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241206-0009/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| debian | debian_linux | 11.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | ontap_tools | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E09658-F3FD-4CCB-B082-45C8F17535C5",
"versionEndExcluding": "2.82.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "5333B745-F7A3-46CB-8437-8668DB08CD6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing \u0027\\0\u0027 character."
},
{
"lang": "es",
"value": "gio/gsocks4aproxy.c en GNOME GLib anterior a 2.82.1 tiene un error de un byte y el consiguiente desbordamiento de b\u00fafer porque SOCKS4_CONN_MSG_LEN no es suficiente para un car\u00e1cter \u0027\\0\u0027 final."
}
],
"id": "CVE-2024-52533",
"lastModified": "2025-06-17T01:23:56.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-11T23:15:05.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3461"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20241206-0009/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-29 17:29
Modified
2024-11-21 04:22
Severity ?
Summary
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 | |
| opensuse | leap | 15.0 | |
| fedoraproject | fedora | 30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25C83FEE-9D85-4274-9A7C-C8F604DE99F8",
"versionEndIncluding": "2.61.1",
"versionStartIncluding": "2.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used."
},
{
"lang": "es",
"value": "La funci\u00f3n file_copy_fallback en el archivo gio/gfile.c en GNOME GLib versi\u00f3n 2.15.0 hasta la 2.61.1, no restringe apropiadamente los permisos de los archivos durante una operaci\u00f3n de copia en progreso. En su lugar, se utilizan los permisos por defecto."
}
],
"id": "CVE-2019-12450",
"lastModified": "2024-11-21T04:22:52.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-29T17:29:00.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3530"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190606-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4014-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4014-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190606-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4014-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4014-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
},
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-14 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3EFA5CC-71E9-43CC-8C63-9F8288119631",
"versionEndIncluding": "2.16.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D74CF1B8-EBF2-43A5-A963-70D8A39D6547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "72B0EB43-FD63-442A-A851-2985467AAA04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B29EF90F-50F8-4333-88C4-812A5C3BD2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:2.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A36251E-1D68-4859-B304-92E384E4CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos en glib/gbase64.c en GLib antes de la versi\u00f3n 2.20 permiten ejecutar, a atacantes dependientes del contexto, c\u00f3digo arbitrario a trav\u00e9s de una cadena demasiado larga que es convertida o bien (1) en o bien (2) desde una representaci\u00f3n base64."
}
],
"id": "CVE-2008-4316",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-14T18:30:00.343",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/03/12/2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34267"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34317"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34404"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34416"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34560"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34854"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34890"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38833"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://svn.gnome.org/viewvc/glib?view=revision\u0026revision=7973"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0045"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1747"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ocert.org/advisories/ocert-2008-015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/03/16/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0336.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/501766/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34100"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021884"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-738-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/03/12/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://svn.gnome.org/viewvc/glib?view=revision\u0026revision=7973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2008-015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/03/16/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0336.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501766/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-738-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-28 15:15
Modified
2024-11-21 04:24
Severity ?
Summary
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27A1C30-C421-487F-BF42-C1AF1387CF9B",
"versionEndExcluding": "2.59.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450."
},
{
"lang": "es",
"value": "La back-end de configuraci\u00f3n de keyfile en GLib (tambi\u00e9n se conoce como glib2.0) anterior a versi\u00f3n 2.60.0 de GNOME, crea directorios usando g_file_make_directory_with_parents (kfsb-)dir, NULL, NULL) y archivos utilizando g_file_replace_contents (kfsb-)file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). En consecuencia, no restringe apropiadamente los permisos de directorio (y archivo). En cambio, para los directorios, son usados permisos 0777; para los archivos, se utilizan permisos de archivo por defecto. Esto es similar a CVE-2019-12450."
}
],
"id": "CVE-2019-13012",
"lastModified": "2024-11-21T04:24:01.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-28T15:15:10.970",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1658"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20190806-0003/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4049-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4049-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20190806-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4049-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4049-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-15 17:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| gnome | glib | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | e-series_performance_analyzer | - | |
| broadcom | brocade_fabric_operating_system_firmware | - | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04BDBBFD-75D9-4681-9225-F38780B6757E",
"versionEndExcluding": "2.66.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED4217E-24BB-43F3-B979-8077FDF50DA4",
"versionEndExcluding": "2.67.4",
"versionStartIncluding": "2.67.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en GNOME GLib versiones anteriores a 2.66.7 y versiones 2.67.x anteriores a 2.67.4.\u0026#xa0;Si se llam\u00f3 a la funci\u00f3n g_byte_array_new_take() con un b\u00fafer de 4 GB o m\u00e1s sobre una plataforma de 64 bits, la longitud deber\u00eda ser truncada m\u00f3dulo 2**32, causando un truncamiento de la longitud no prevista"
}
],
"id": "CVE-2021-27218",
"lastModified": "2024-11-21T05:57:37.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-15T17:15:13.073",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-07 18:59
Modified
2025-04-12 10:46
Severity ?
Summary
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 23 | |
| fedoraproject | fedora | 24 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| gnome | eye_of_gnome | 3.16.5 | |
| gnome | eye_of_gnome | 3.17.1 | |
| gnome | eye_of_gnome | 3.17.2 | |
| gnome | eye_of_gnome | 3.17.3 | |
| gnome | eye_of_gnome | 3.17.90 | |
| gnome | eye_of_gnome | 3.17.91 | |
| gnome | eye_of_gnome | 3.17.92 | |
| gnome | eye_of_gnome | 3.18.0 | |
| gnome | eye_of_gnome | 3.18.1 | |
| gnome | eye_of_gnome | 3.18.2 | |
| gnome | eye_of_gnome | 3.19.1 | |
| gnome | eye_of_gnome | 3.19.2 | |
| gnome | eye_of_gnome | 3.19.3 | |
| gnome | eye_of_gnome | 3.19.4 | |
| gnome | eye_of_gnome | 3.19.90 | |
| gnome | eye_of_gnome | 3.19.91 | |
| gnome | eye_of_gnome | 3.19.92 | |
| gnome | eye_of_gnome | 3.20.0 | |
| gnome | eye_of_gnome | 3.20.1 | |
| gnome | eye_of_gnome | 3.20.2 | |
| gnome | eye_of_gnome | 3.20.3 | |
| gnome | glib | 2.44.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "546E52F2-AD8C-4A34-B79E-5CD208A51B2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC9E936-CFDE-4F37-A7DC-AE116D967BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "565E74AE-6DD6-4A53-A071-8E58FF249057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E74D23D3-6776-4393-B7A2-298A5F49BA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.17.90:*:*:*:*:*:*:*",
"matchCriteriaId": "88543C3E-CA47-4860-BF0C-32104C998DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.17.91:*:*:*:*:*:*:*",
"matchCriteriaId": "363F1008-0772-4381-9AA5-57635055B38C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.17.92:*:*:*:*:*:*:*",
"matchCriteriaId": "D591DAAE-6DA6-494C-91E7-EBD5819B4023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8910C4CF-630E-4C0A-AAED-4243D8DEE387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0AF1C1-5017-4BB7-B79D-338D374EB9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE9FEE4-614C-46CA-BA5D-18FDD728393F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A13610EA-A283-4383-85D9-9D9F040EE546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09C97EDF-376A-4C81-8237-32961E2468AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "95FD6050-8039-4C90-96F3-1AE963F5624D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E59F2E5-E40F-4A5E-9E91-5D5B5825BD5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.19.90:*:*:*:*:*:*:*",
"matchCriteriaId": "65865C6F-3D25-447D-9536-BD973B85DAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.19.91:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD4D653-562A-4967-8B08-E6FB6CC12F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.19.92:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDDCB2B-9045-476C-B8DC-2DECD6F24F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F570EFDD-AB33-416D-80EA-C9F2DB3D3127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0863638E-151E-41D7-B351-63372BF396BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0BEF31-A78D-450B-96BD-FF1A493AD42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:eye_of_gnome:3.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF4B26D-5EA7-4C22-9E79-D83756897919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:2.44.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BFBCC2-82D1-45BD-A2CA-EEB33C542392",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup."
},
{
"lang": "es",
"value": "Eye of GNOME (tambi\u00e9n conocido como eog) 3.16.5, 3.17.x, 3.18.x en versiones anteriores a 3.18.3, 3.19.x y 3.20.x en versiones anteriores a 3.20.4, cuando es utilizado con glib en versiones anteriores a 2.44.1, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de vectores que involucran paso UTF-8 inv\u00e1lido para GMarkup."
}
],
"id": "CVE-2016-6855",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T18:59:05.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92616"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3069-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=770143"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40291/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3069-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=770143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40291/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 06:22
Severity ?
Summary
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | * | |
| gnome | glib | * | |
| debian | debian_linux | 10.0 | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1AF4F37-77FE-4849-ACB4-64EA215BCF68",
"versionEndExcluding": "2.62.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2583F723-4FBA-47EB-8A5B-6DB95F1071E0",
"versionEndExcluding": "2.63.6",
"versionStartIncluding": "2.63.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en glib versiones anteriores a 2.63.6. Debido a los alias de conjuntos de caracteres aleatorios, pkexec puede filtrar el contenido de los archivos propiedad de usuarios con privilegios a los que no los presentan bajo la condici\u00f3n apropiada."
}
],
"id": "CVE-2021-3800",
"lastModified": "2024-11-21T06:22:28.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:09.980",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3800"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938284"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0004/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2017/06/23/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2017/06/23/8"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-22 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "510CF799-7651-4494-A420-6BD7CAF89A22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:-:*:*:*:*:*:*",
"matchCriteriaId": "DE5FEEB4-95BC-47AF-A6EA-FEF4C2AF1A2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory."
},
{
"lang": "es",
"value": "La funci\u00f3n g_file_copy en glib v2.0 establece los permisos del archivo objetivo sobre un enlace simb\u00f3lico (777), lo que permite a usuarios locales asistidos por el usuario modificar los archivos de otros usuarios, como se ha demostrados usando Nautilus para modificar los permisos del directorio \"home\" de un usuario."
}
],
"id": "CVE-2009-3289",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-09-22T10:30:00.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/39656"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/08/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=593406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/39656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/08/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=593406"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue does not affect the versions of glib2 as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
"lastModified": "2009-09-23T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-04 00:29
Modified
2024-11-21 03:52
Severity ?
Summary
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | glib | 2.56.1 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:glib:2.56.1:*:*:*:*:*:*:*",
"matchCriteriaId": "784A5B8E-F33F-4926-9E40-D79AA9E25932",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()."
},
{
"lang": "es",
"value": "GNOME GLib 2.56.1 tiene una vulnerabilidad de lectura fuera de l\u00edmites en g_markup_parse_context_parse() en gmarkup.c, relacionada con utf8_str()."
}
],
"id": "CVE-2018-16429",
"lastModified": "2024-11-21T03:52:44.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-04T00:29:01.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1361"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3767-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-32643 (GCVE-0-2023-32643)
Vulnerability from cvelistv5
Published
2023-09-14 19:14
Modified
2025-02-13 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T17:30:47.183666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:27.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2840"
},
{
"tags": [
"x_transferred"
],
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glib",
"vendor": "glib",
"versions": [
{
"status": "unaffected",
"version": "2.75.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665."
}
],
"value": "A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:06:02.985Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2840"
},
{
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32643",
"datePublished": "2023-09-14T19:14:56.761Z",
"dateReserved": "2023-05-30T11:48:42.107Z",
"dateUpdated": "2025-02-13T16:54:53.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9633 (GCVE-0-2019-9633)
Vulnerability from cvelistv5
Published
2019-03-08 07:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1649"
},
{
"name": "107391",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1649"
},
{
"name": "107391",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/issues/1649",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1649"
},
{
"name": "107391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9633",
"datePublished": "2019-03-08T07:00:00",
"dateReserved": "2019-03-08T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32665 (GCVE-0-2023-32665)
Vulnerability from cvelistv5
Published
2023-09-14 19:03
Modified
2025-02-13 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | glib2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32665",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-27T17:04:41.563399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:16:35.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:06:01.299Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gvariant deserialisation does not match spec for non-normal data",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32665",
"datePublished": "2023-09-14T19:03:58.229Z",
"dateReserved": "2023-05-30T11:48:42.074Z",
"dateUpdated": "2025-02-13T16:54:55.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34397 (GCVE-0-2024-34397)
Vulnerability from cvelistv5
Published
2024-05-07 00:00
Modified
2024-11-15 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T19:45:07.808061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:14:35.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"
},
{
"name": "FEDORA-2024-be032e564d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"
},
{
"name": "FEDORA-2024-2ce1c754f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"
},
{
"name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0008/"
},
{
"name": "FEDORA-2024-fd2569c4e9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"
},
{
"name": "FEDORA-2024-635a54eb7e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:08:40.913255",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"
},
{
"name": "FEDORA-2024-be032e564d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRSFYAE5X23TNRWX7ZWEJOMISLCDSYNS/"
},
{
"name": "FEDORA-2024-2ce1c754f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UNFJHISR4O6VFOHBFWH5I5WWMG37H63A/"
},
{
"name": "[debian-lts-announce] 20240513 [SECURITY] [DLA 3814-1] glib2.0 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00008.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240531-0008/"
},
{
"name": "FEDORA-2024-fd2569c4e9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LL6HSJDXCXMLEIJBYV6CPOR4K2NTCTXW/"
},
{
"name": "FEDORA-2024-635a54eb7e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCDY3KA7G7D3DRXYTT46K6LFHS2KHWBH/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34397",
"datePublished": "2024-05-07T00:00:00",
"dateReserved": "2024-05-02T00:00:00",
"dateUpdated": "2024-11-15T17:14:35.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4316 (GCVE-0-2008-4316)
Vulnerability from cvelistv5
Published
2009-03-14 18:00
Modified
2024-08-07 10:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff"
},
{
"name": "20090312 rPSA-2009-0045-1 glib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501766/100/0/threaded"
},
{
"name": "USN-738-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-738-1"
},
{
"name": "34560",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34560"
},
{
"name": "[oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/16/2"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "MDVSA-2009:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0045"
},
{
"name": "oval:org.mitre.oval:def:11401",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401"
},
{
"name": "FEDORA-2009-2688",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html"
},
{
"name": "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/03/12/2"
},
{
"name": "34100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34100"
},
{
"name": "34854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34854"
},
{
"name": "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
},
{
"name": "34267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34267"
},
{
"name": "RHSA-2009:0336",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0336.html"
},
{
"name": "38833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38833"
},
{
"name": "1021884",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021884"
},
{
"name": "DSA-1747",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1747"
},
{
"name": "34317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34317"
},
{
"name": "SUSE-SA:2009:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html"
},
{
"name": "FEDORA-2009-2657",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html"
},
{
"name": "34416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.gnome.org/viewvc/glib?view=revision\u0026revision=7973"
},
{
"name": "oval:org.mitre.oval:def:8360",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360"
},
{
"name": "34404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34404"
},
{
"name": "glib-gbase64-bo(49272)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272"
},
{
"name": "34890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34890"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff"
},
{
"name": "20090312 rPSA-2009-0045-1 glib",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501766/100/0/threaded"
},
{
"name": "USN-738-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-738-1"
},
{
"name": "34560",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34560"
},
{
"name": "[oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/16/2"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "MDVSA-2009:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0045"
},
{
"name": "oval:org.mitre.oval:def:11401",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401"
},
{
"name": "FEDORA-2009-2688",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html"
},
{
"name": "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/03/12/2"
},
{
"name": "34100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34100"
},
{
"name": "34854",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34854"
},
{
"name": "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
},
{
"name": "34267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34267"
},
{
"name": "RHSA-2009:0336",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0336.html"
},
{
"name": "38833",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38833"
},
{
"name": "1021884",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021884"
},
{
"name": "DSA-1747",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1747"
},
{
"name": "34317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34317"
},
{
"name": "SUSE-SA:2009:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html"
},
{
"name": "FEDORA-2009-2657",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html"
},
{
"name": "34416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.gnome.org/viewvc/glib?view=revision\u0026revision=7973"
},
{
"name": "oval:org.mitre.oval:def:8360",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360"
},
{
"name": "34404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34404"
},
{
"name": "glib-gbase64-bo(49272)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272"
},
{
"name": "34890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34890"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-4316",
"datePublished": "2009-03-14T18:00:00",
"dateReserved": "2008-09-29T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28153 (GCVE-0-2021-28153)
Vulnerability from cvelistv5
Published
2021-03-11 21:04
Modified
2024-08-03 21:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2325"
},
{
"name": "FEDORA-2021-a1f51fc418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0003/"
},
{
"name": "FEDORA-2021-5c81cb03d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2325"
},
{
"name": "FEDORA-2021-a1f51fc418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210416-0003/"
},
{
"name": "FEDORA-2021-5c81cb03d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/issues/2325",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2325"
},
{
"name": "FEDORA-2021-a1f51fc418",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210416-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210416-0003/"
},
{
"name": "FEDORA-2021-5c81cb03d0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"
},
{
"name": "GLSA-202107-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28153",
"datePublished": "2021-03-11T21:04:15",
"dateReserved": "2021-03-11T00:00:00",
"dateUpdated": "2024-08-03T21:40:12.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1709 (GCVE-0-2011-1709)
Vulnerability from cvelistv5
Published
2011-06-14 17:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news"
},
{
"name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d"
},
{
"name": "44797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44797"
},
{
"name": "FEDORA-2011-7822",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html"
},
{
"name": "USN-1142-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1142-1"
},
{
"name": "48084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48084"
},
{
"name": "openSUSE-SU-2011:0581",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/8643655"
},
{
"name": "44808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44808"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1709",
"datePublished": "2011-06-14T17:00:00",
"dateReserved": "2011-04-15T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12450 (GCVE-0-2019-12450)
Vulnerability from cvelistv5
Published
2019-05-29 16:16
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:40.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190606-0003/"
},
{
"name": "USN-4014-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4014-1/"
},
{
"name": "USN-4014-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4014-2/"
},
{
"name": "FEDORA-2019-c18d2bd1bd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1826-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"
},
{
"name": "openSUSE-SU-2019:1650",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"
},
{
"name": "RHSA-2019:3530",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190606-0003/"
},
{
"name": "USN-4014-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4014-1/"
},
{
"name": "USN-4014-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4014-2/"
},
{
"name": "FEDORA-2019-c18d2bd1bd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1826-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"
},
{
"name": "openSUSE-SU-2019:1650",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"
},
{
"name": "RHSA-2019:3530",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190606-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190606-0003/"
},
{
"name": "USN-4014-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4014-1/"
},
{
"name": "USN-4014-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4014-2/"
},
{
"name": "FEDORA-2019-c18d2bd1bd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1826-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html"
},
{
"name": "openSUSE-SU-2019:1650",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00076.html"
},
{
"name": "RHSA-2019:3530",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12450",
"datePublished": "2019-05-29T16:16:14",
"dateReserved": "2019-05-29T00:00:00",
"dateUpdated": "2024-08-04T23:17:40.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6855 (GCVE-0-2016-6855)
Vulnerability from cvelistv5
Published
2016-09-07 18:00
Modified
2024-08-06 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:38.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4"
},
{
"name": "40291",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40291/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5"
},
{
"name": "92616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92616"
},
{
"name": "FEDORA-2016-0f8779baa6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/"
},
{
"name": "USN-3069-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3069-1"
},
{
"name": "openSUSE-SU-2016:2242",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=770143"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html"
},
{
"name": "FEDORA-2016-5abbc35b6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3"
},
{
"name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2185-1] eog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-25T22:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4"
},
{
"name": "40291",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40291/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5"
},
{
"name": "92616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92616"
},
{
"name": "FEDORA-2016-0f8779baa6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/"
},
{
"name": "USN-3069-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3069-1"
},
{
"name": "openSUSE-SU-2016:2242",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=770143"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html"
},
{
"name": "FEDORA-2016-5abbc35b6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3"
},
{
"name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2185-1] eog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4"
},
{
"name": "https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4"
},
{
"name": "40291",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40291/"
},
{
"name": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5"
},
{
"name": "92616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92616"
},
{
"name": "FEDORA-2016-0f8779baa6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/"
},
{
"name": "USN-3069-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3069-1"
},
{
"name": "openSUSE-SU-2016:2242",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=770143",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=770143"
},
{
"name": "http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html"
},
{
"name": "FEDORA-2016-5abbc35b6a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/"
},
{
"name": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3"
},
{
"name": "[debian-lts-announce] 20200425 [SECURITY] [DLA 2185-1] eog security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6855",
"datePublished": "2016-09-07T18:00:00",
"dateReserved": "2016-08-18T00:00:00",
"dateUpdated": "2024-08-06T01:43:38.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16428 (GCVE-0-2018-16428)
Vulnerability from cvelistv5
Published
2018-09-04 00:00
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9"
},
{
"name": "USN-3767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"name": "105210",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1364"
},
{
"name": "USN-3767-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[oss-security] 20200214 Re: CVE for program distributing vulnerable components ?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/14/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T12:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9"
},
{
"name": "USN-3767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"name": "105210",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1364"
},
{
"name": "USN-3767-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[oss-security] 20200214 Re: CVE for program distributing vulnerable components ?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/14/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9"
},
{
"name": "USN-3767-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"name": "105210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105210"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/issues/1364",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1364"
},
{
"name": "USN-3767-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[oss-security] 20200214 Re: CVE for program distributing vulnerable components ?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/14/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16428",
"datePublished": "2018-09-04T00:00:00",
"dateReserved": "2018-09-03T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29499 (GCVE-0-2023-29499)
Vulnerability from cvelistv5
Published
2023-09-14 19:06
Modified
2025-02-13 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | glib2 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"name": "RHBZ#2211828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T14:06:16.355Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"name": "RHBZ#2211828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gvariant offset table entry size is not checked in is_normal()",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-29499",
"datePublished": "2023-09-14T19:06:17.810Z",
"dateReserved": "2023-05-30T11:48:42.094Z",
"dateUpdated": "2025-02-13T16:49:21.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1978 (GCVE-0-2013-1978)
Vulnerability from cvelistv5
Published
2013-12-12 18:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64098"
},
{
"name": "RHSA-2013:1778",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"name": "GLSA-201603-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902"
},
{
"name": "DSA-2813",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"name": "USN-2051-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "64098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64098"
},
{
"name": "RHSA-2013:1778",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"name": "GLSA-201603-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=953902"
},
{
"name": "DSA-2813",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"name": "USN-2051-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1978",
"datePublished": "2013-12-12T18:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4056 (GCVE-0-2025-4056)
Vulnerability from cvelistv5
Published
2025-07-28 12:40
Modified
2025-08-13 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► |
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4056",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T13:24:15.714913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T13:24:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.gnome.org/GNOME/glib",
"defaultStatus": "unaffected",
"packageName": "glib",
"versions": [
{
"lessThan": "2.84.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "bootc",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "glycin-loaders",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "loupe",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "mingw-glib2",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "librsvg2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "mingw-glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "bootc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "librsvg2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "mingw-glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2025-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T19:42:04.333Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-4056"
},
{
"name": "RHBZ#2362826",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362826"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3668"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-29T02:00:57.397000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-29T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Glib: glib crash after long command line",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_redhatCweChain": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-4056",
"datePublished": "2025-07-28T12:40:29.298Z",
"dateReserved": "2025-04-29T02:04:01.099Z",
"dateUpdated": "2025-08-13T19:42:04.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27219 (GCVE-0-2021-27219)
Vulnerability from cvelistv5
Published
2021-02-15 16:27
Modified
2024-08-03 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2319"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210319-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "GLSA-202107-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27219",
"datePublished": "2021-02-15T16:27:38",
"dateReserved": "2021-02-15T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16429 (GCVE-0-2018-16429)
Vulnerability from cvelistv5
Published
2018-09-04 00:00
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1361"
},
{
"name": "USN-3767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
},
{
"name": "USN-3767-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:07:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1361"
},
{
"name": "USN-3767-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
},
{
"name": "USN-3767-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/issues/1361",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1361"
},
{
"name": "USN-3767-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
},
{
"name": "USN-3767-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3767-2/"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16429",
"datePublished": "2018-09-04T00:00:00",
"dateReserved": "2018-09-03T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52533 (GCVE-0-2024-52533)
Vulnerability from cvelistv5
Published
2024-11-11 00:00
Modified
2024-12-06 13:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "glib",
"vendor": "gnome",
"versions": [
{
"lessThan": "2.82.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:46:58.614686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:49:33.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-06T13:09:32.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/11"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241206-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing \u0027\\0\u0027 character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T22:57:28.795674",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3461"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52533",
"datePublished": "2024-11-11T00:00:00",
"dateReserved": "2024-11-11T00:00:00",
"dateUpdated": "2024-12-06T13:09:32.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32611 (GCVE-0-2023-32611)
Vulnerability from cvelistv5
Published
2023-09-14 19:07
Modified
2025-02-13 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | glib2 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:35.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"name": "RHBZ#2211829",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T14:06:18.108Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"name": "RHBZ#2211829",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "G_variant_byteswap() can take a long time with some non-normal inputs",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32611",
"datePublished": "2023-09-14T19:07:19.011Z",
"dateReserved": "2023-05-30T11:48:42.101Z",
"dateUpdated": "2025-02-13T16:54:50.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0039 (GCVE-0-2012-0039)
Vulnerability from cvelistv5
Published
2012-01-14 17:00
Modified
2025-01-21 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120110 glib2 hash dos oCert-2011-003",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/01/10/12"
},
{
"name": "[gtk-devel-list] 20030529 Algorimic Complexity Attack on GLIB 2.2.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772720"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2012-0039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T18:29:14.034924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T18:29:23.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-12T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120110 glib2 hash dos oCert-2011-003",
"tags": [
"mailing-list"
],
"url": "http://openwall.com/lists/oss-security/2012/01/10/12"
},
{
"name": "[gtk-devel-list] 20030529 Algorimic Complexity Attack on GLIB 2.2.1",
"tags": [
"mailing-list"
],
"url": "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html"
},
{
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772720"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0039",
"datePublished": "2012-01-14T17:00:00Z",
"dateReserved": "2011-12-07T00:00:00Z",
"dateUpdated": "2025-01-21T18:29:23.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32636 (GCVE-0-2023-32636)
Vulnerability from cvelistv5
Published
2023-09-14 19:19
Modified
2025-02-13 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841"
},
{
"tags": [
"x_transferred"
],
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:57.659191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:09:36.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glib",
"vendor": "glib",
"versions": [
{
"status": "affected",
"version": "2.75.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499."
}
],
"value": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T18:06:37.810Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841"
},
{
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32636",
"datePublished": "2023-09-14T19:19:21.874Z",
"dateReserved": "2023-05-30T11:48:42.112Z",
"dateUpdated": "2025-02-13T16:54:53.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35457 (GCVE-0-2020-35457)
Vulnerability from cvelistv5
Published
2020-12-14 22:25
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor\u0027s position is \"Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries().\" The researcher states that this pattern is undocumented"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T00:47:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor\u0027s position is \"Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries().\" The researcher states that this pattern is undocumented."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/issues/2197",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2197"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35457",
"datePublished": "2020-12-14T22:25:09",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:07.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3800 (GCVE-0-2021-3800)
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - - Exposure of Sensitive Information to an Unauthorized Actor
Summary
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938284"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3800"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2017/06/23/8"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995"
},
{
"name": "[debian-lts-announce] 20220915 [SECURITY] [DLA 3110-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Glib",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in glib2 2.63.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938284"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3800"
},
{
"url": "https://www.openwall.com/lists/oss-security/2017/06/23/8"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995"
},
{
"name": "[debian-lts-announce] 20220915 [SECURITY] [DLA 3110-1] glib2.0 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3800",
"datePublished": "2022-08-23T00:00:00",
"dateReserved": "2021-09-14T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27218 (GCVE-0-2021-27218)
Vulnerability from cvelistv5
Published
2021-02-15 16:27
Modified
2024-08-03 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-7c71cda8da",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210319-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"name": "FEDORA-2021-7b5e2e6844",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "GLSA-202107-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"name": "[debian-lts-announce] 20220606 [SECURITY] [DLA 3044-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27218",
"datePublished": "2021-02-15T16:27:20",
"dateReserved": "2021-02-15T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1913 (GCVE-0-2013-1913)
Vulnerability from cvelistv5
Published
2013-12-12 18:00
Modified
2024-08-06 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64105"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=947868"
},
{
"name": "RHSA-2013:1778",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"name": "GLSA-201603-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-01"
},
{
"name": "DSA-2813",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"name": "USN-2051-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "64105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64105"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=947868"
},
{
"name": "RHSA-2013:1778",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1778.html"
},
{
"name": "GLSA-201603-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-01"
},
{
"name": "DSA-2813",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2813"
},
{
"name": "USN-2051-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2051-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1913",
"datePublished": "2013-12-12T18:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3289 (GCVE-0-2009-3289)
Vulnerability from cvelistv5
Published
2009-09-22 10:00
Modified
2024-08-07 06:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:22:24.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135"
},
{
"name": "39656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39656"
},
{
"name": "SUSE-SR:2010:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=593406"
},
{
"name": "[oss-security] 20090908 CVE Request - glib symlink copying permission exposure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/08/8"
},
{
"name": "ADV-2010-1001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135"
},
{
"name": "39656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39656"
},
{
"name": "SUSE-SR:2010:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=593406"
},
{
"name": "[oss-security] 20090908 CVE Request - glib symlink copying permission exposure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/08/8"
},
{
"name": "ADV-2010-1001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/418135"
},
{
"name": "39656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39656"
},
{
"name": "SUSE-SR:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=593406",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=593406"
},
{
"name": "[oss-security] 20090908 CVE Request - glib symlink copying permission exposure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/08/8"
},
{
"name": "ADV-2010-1001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3289",
"datePublished": "2009-09-22T10:00:00",
"dateReserved": "2009-09-22T00:00:00",
"dateUpdated": "2024-08-07T06:22:24.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6750 (GCVE-0-2020-6750)
Vulnerability from cvelistv5
Published
2020-01-09 19:23
Modified
2024-08-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1989"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200127-0001/"
},
{
"name": "FEDORA-2020-339d413324",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/"
},
{
"name": "FEDORA-2020-c101a316ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEM7MMAXMWCDPUH4MTUZ763MBB64RRLJ/"
},
{
"name": "FEDORA-2020-092ef6572a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-23T02:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1989"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200127-0001/"
},
{
"name": "FEDORA-2020-339d413324",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/"
},
{
"name": "FEDORA-2020-c101a316ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEM7MMAXMWCDPUH4MTUZ763MBB64RRLJ/"
},
{
"name": "FEDORA-2020-092ef6572a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/issues/1989",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1989"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1160668",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200127-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200127-0001/"
},
{
"name": "FEDORA-2020-339d413324",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/"
},
{
"name": "FEDORA-2020-c101a316ab",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEM7MMAXMWCDPUH4MTUZ763MBB64RRLJ/"
},
{
"name": "FEDORA-2020-092ef6572a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6750",
"datePublished": "2020-01-09T19:23:03",
"dateReserved": "2020-01-09T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13012 (GCVE-0-2019-13012)
Vulnerability from cvelistv5
Published
2019-06-28 14:07
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:09.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1658"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"
},
{
"name": "USN-4049-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4049-1/"
},
{
"name": "USN-4049-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4049-2/"
},
{
"name": "openSUSE-SU-2019:1749",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[debian-lts-announce] 20190805 [SECURITY] [DLA 1866-2] glib2.0 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0003/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:09:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1658"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"
},
{
"name": "USN-4049-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4049-1/"
},
{
"name": "USN-4049-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4049-2/"
},
{
"name": "openSUSE-SU-2019:1749",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[debian-lts-announce] 20190805 [SECURITY] [DLA 1866-2] glib2.0 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0003/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/issues/1658",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1658"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429"
},
{
"name": "USN-4049-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4049-1/"
},
{
"name": "USN-4049-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4049-2/"
},
{
"name": "openSUSE-SU-2019:1749",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html"
},
{
"name": "[debian-lts-announce] 20190805 [SECURITY] [DLA 1866-2] glib2.0 regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190806-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190806-0003/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13012",
"datePublished": "2019-06-28T14:07:42",
"dateReserved": "2019-06-28T00:00:00",
"dateUpdated": "2024-08-04T23:41:09.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}