2211828 – (CVE-2023-29499) CVE-2023-29499 glib: GVariant offset table entry size is not checked in is_normal()

Bug 2211828 (CVE-2023-29499) - CVE-2023-29499 glib: GVariant offset table entry size is not checked in is_normal()

Summary: CVE-2023-29499 glib: GVariant offset table entry size is not checked in is_no...

Keywords:
Status:	NEW
Alias:	CVE-2023-29499
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2212700 2212703 2212704 2212706 2212699 2212701 2212702 2212705 2212707
Blocks:	2160453
TreeView+	depends on / blocked

Reported:	2023-06-02 07:17 UTC by Dhananjay Arunesh
Modified:	2023-07-20 20:48 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2023-06-02 07:17:04 UTC

GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading to denial of service.

Referenves:
https://gitlab.gnome.org/GNOME/glib/-/issues/2794

Comment 1 Dhananjay Arunesh 2023-06-06 07:21:33 UTC

Created glib tracking bugs for this issue:

Affects: epel-all [bug 2212699]


Created glib2 tracking bugs for this issue:

Affects: fedora-37 [bug 2212700]
Affects: fedora-38 [bug 2212704]


Created mingw-glib2 tracking bugs for this issue:

Affects: fedora-37 [bug 2212701]
Affects: fedora-38 [bug 2212707]

Note You need to log in before you can comment on or make changes to this bug.