Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

Published

2023-09-14T20:15:09.653

Last Modified

2024-11-21T08:03:44.800

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	glib	< 2.74.4	Yes

References

https://gitlab.gnome.org/GNOME/glib/-/issues/2841 Issue Tracking, Vendor Advisory ([email protected])
https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 Broken Link ([email protected])
https://security.netapp.com/advisory/ntap-20231110-0002/ Third Party Advisory ([email protected])
https://gitlab.gnome.org/GNOME/glib/-/issues/2841 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231110-0002/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)