Bug 2211828 (CVE-2023-29499) - CVE-2023-29499 glib: GVariant offset table entry size is not checked in is_normal()
Summary: CVE-2023-29499 glib: GVariant offset table entry size is not checked in is_no...
Keywords:
Status: NEW
Alias: CVE-2023-29499
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2212699 2212700 2212701 2212702 2212703 2212704 2212705 2212706 2212707
Blocks: 2160453
TreeView+ depends on / blocked
 
Reported: 2023-06-02 07:17 UTC by Dhananjay Arunesh
Modified: 2024-06-28 21:35 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:6631 0 None None None 2023-11-07 08:22:11 UTC
Red Hat Product Errata RHSA-2024:2528 0 None None None 2024-04-30 11:02:46 UTC

Description Dhananjay Arunesh 2023-06-02 07:17:04 UTC
GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading to denial of service.

Referenves:
https://gitlab.gnome.org/GNOME/glib/-/issues/2794

Comment 1 Dhananjay Arunesh 2023-06-06 07:21:33 UTC
Created glib tracking bugs for this issue:

Affects: epel-all [bug 2212699]


Created glib2 tracking bugs for this issue:

Affects: fedora-37 [bug 2212700]
Affects: fedora-38 [bug 2212704]


Created mingw-glib2 tracking bugs for this issue:

Affects: fedora-37 [bug 2212701]
Affects: fedora-38 [bug 2212707]

Comment 4 errata-xmlrpc 2023-11-07 08:22:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6631 https://access.redhat.com/errata/RHSA-2023:6631

Comment 10 Dhananjay Arunesh 2024-01-22 10:22:26 UTC
This vulnerability allows for a denial of service attack to be performed against applications that process  untrusted GVariant input, compromising application availability by consuming excessive processing time or utilizing a large quantity of memory. The most likely threat is from a local user, which may be possible depending on the configuration of the service and the format of parameters that it expects. While a remote attack is possible if the application is configured to read GVariants over a network connection, this is not the default configuration which makes the likelihood low. Because the most widely available attack vector is local and the consequences are limited to denial of service, Red Hat Product Security rates the impact as Low.

Comment 11 errata-xmlrpc 2024-04-30 11:02:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2528 https://access.redhat.com/errata/RHSA-2024:2528


Note You need to log in before you can comment on or make changes to this bug.