Description Dhananjay Arunesh
2023-03-23 09:55:46 UTC
A vulnerability was found in GLib2.0, where denial of service is caused by handling a malicious serialised variant which is structured to cause allocations or looping superlinear to its serialised size. Applications are at risk if they accept untrusted serialised variants by checking them with g_variant_get_normal_form() (or don’t check them).
References:
https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
Comment 1 Dhananjay Arunesh
2023-03-23 10:01:52 UTC
Created glib tracking bugs for this issue:
Affects: epel-all [bug 2181185]
Affects: fedora-all [bug 2181189]
Created glib2 tracking bugs for this issue:
Affects: fedora-all [bug 2181186]
Created mingw-glib2 tracking bugs for this issue:
Affects: fedora-all [bug 2181190]
Comment 3 Salvatore Bonaccorso
2023-07-24 07:45:41 UTC
This CVE has been rejected, can you please remove the CVE alias as well?