Bug 2181183 - glib: DoS caused by handling a malicious text-form variant
Summary: glib: DoS caused by handling a malicious text-form variant
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2181187 2181188 2181191 2181192 2181199 2181200 2181201 2181202
Blocks: 2160453
Reported: 2023-03-23 09:59 UTC by Dhananjay Arunesh
Modified: 2024-03-26 20:16 UTC

Fixed In Version:
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-29 05:39:05 UTC
Embargoed:



Description Dhananjay Arunesh 2023-03-23 09:59:29 UTC
A vulnerability was found in GLib2.0, where a DoS is caused by handling a malicious text-form variant which is structured to cause looping superlinear to its text size. Applications are at risk if they parse untrusted text-form variants.

References:
https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835

Comment 1 Dhananjay Arunesh 2023-03-23 10:01:59 UTC
Created glib tracking bugs for this issue:

Affects: epel-all [bug 2181187]
Affects: fedora-all [bug 2181191]


Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 2181188]


Created mingw-glib2 tracking bugs for this issue:

Affects: fedora-all [bug 2181192]

Comment 2 Salvatore Bonaccorso 2023-07-24 07:45:13 UTC
This CVE has been rejected, can you please remove the CVE alias as well?

