Gvariant offset table entry size is not checked in is_normal()
CVE-2023-29499

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Glib2; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 14 September 2023

What is CVE-2023-29499?

A vulnerability in GLib occurs when the GVariant deserialization process does not properly verify the input format, potentially leading to a denial of service. This flaw can disrupt systems that rely on GLib for handling data serialization and deserialization, making it crucial for developers and system administrators to implement necessary updates and fixes to maintain software stability and security.

References

https://access.redhat.com/security/cve/CVE-2023-29499

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2211828

issue-trackingx_refsource_REDHAT

https://gitlab.gnome.org/GNOME/glib/-/issues/2794

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2023
Vulnerability Reserved
May 30, 2023

Credit

Upstream acknowledges William Manley as the original reporter.

Red Hat

What is CVE-2023-29499?

References

CVSS V3.1

Timeline

Credit