GVariant offset table entry size is not checked in is_normal()
CVE-2023-29499
7.5 HIGH
Summary
GVariant deserialization in GLib does not properly verify that its input conforms to the expected format, which can lead to a denial of service. Systems that rely on GLib for data serialization and deserialization can be disrupted, so developers and system administrators should apply the necessary updates and fixes.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Upstream acknowledges William Manley as the original reporter.