CVE-2023-32665

2023-09-1420:15:09

CWE-502

CWE-400

redhat

web.nvd.nist.gov

144

glib

gvariant

deserialization

vulnerability

denial of service

cve-2023-32665

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

Affected configurations

Nvd

Node

gnomeglibRange<2.74.4

VendorProductVersionCPE
gnomeglib*cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnome	glib	*	cpe:2.3:a:gnome:glib::::::::

CNA Affected

[
  {
    "product": "glib2",
    "vendor": "n/a",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "product": "Fedora 38",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "glib2",
    "defaultStatus": "affected"
  },
  {
    "product": "Extra Packages for Enterprise Linux",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "glib",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "glib2",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora 37",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "glib2",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora 38",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "mingw-glib2",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora 37",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "mingw-glib2",
    "defaultStatus": "affected"
  }
]