Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240506-02
HistoryMay 06, 2024 - 12:00 a.m.

ROS-20240506-02

2024-05-0600:00:00
redos.red-soft.ru
7
glib library
gvariant deserialization
buffer copying
integer overflow
input validation
resource consumption
data recovery
denial of service
arbitrary code
remote attackers
unix

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

A vulnerability in the Glib library is related to GVariant deserialization. Exploitation of the vulnerability could allow
an attacker to cause a denial of service

Vulnerability of Glib library function g_byte_array_new_take() is related to buffer copying without checking the
the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code

Vulnerability in the g_bytes_new function of the gbytes.c component of the Glib library is caused by integer overflow
due to implicit conversion of a variable of type gsize to type guint. Exploitation of the vulnerability could allow
an attacker acting remotely to modify the contents of dynamic memory by using a specially
a specially crafted request to a vulnerable function

Glib library vulnerability is related to additional input validation. Exploitation of the vulnerability could
Allow an attacker acting remotely to cause a denial of service

A vulnerability in the g_variant_byteswap() function of the Glib library is related to uncontrolled resource consumption.
Exploitation of the vulnerability could allow an attacker to cause a denial of service

A vulnerability in the is_normal() function of the Glib library is associated with an uncontrolled resource consumption.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

A vulnerability in the Glib library is related to the recovery of invalid data in memory. Exploitation
exploitation of the vulnerability could allow an attacker to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64glib2<= 2.65.3-3UNKNOWN

Related

nessus 61
openvas 30
fedora 4
osv 16
ubuntu 3
redhat 10
almalinux 4
oraclelinux 5
photon 5
gentoo 2
debian 2
ubuntucve 3
cloudfoundry 2
redhatcve 6
alpinelinux 5
cve 4
cvelist 6
nvd 4
debiancve 6
vulnrichment 1
prion 6
ibm 4
suse 1
mageia 1
amazon 2
gitlab 2
cbl_mariner 2
veracode 1
centos 1
nessus
nessus
Fedora 37 : mingw-glib2 (2023-1a7e2b3dda)
2023-06-16 00:00:00
Fedora 38 : mingw-glib2 (2023-9e5a29a25d)
2023-06-16 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM : GLib vulnerabilities (USN-6165-2)
2023-10-19 00:00:00
openvas
openvas
Fedora: Security Advisory for mingw-glib2 (FEDORA-2023-9e5a29a25d)
2023-06-17 00:00:00
Ubuntu: Security Advisory (USN-6165-2)
2023-10-20 00:00:00
Fedora: Security Advisory for mingw-glib2 (FEDORA-2023-1a7e2b3dda)
2023-06-17 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: mingw-glib2-2.74.7-1.fc38
2023-06-16 02:22:05
[SECURITY] Fedora 37 Update: mingw-glib2-2.74.7-1.fc37
2023-06-16 02:15:09
[SECURITY] Fedora 33 Update: mingw-glib2-2.66.7-1.fc33
2021-03-15 01:19:54
osv
osv
glib2.0 vulnerabilities
2023-10-19 11:46:21
Low: mingw-glib2 security update
2024-04-30 00:00:00
glib2.0 vulnerabilities
2023-06-14 13:26:19
ubuntu
ubuntu
GLib vulnerabilities
2023-10-19 00:00:00
GLib vulnerabilities
2023-06-14 00:00:00
GLib vulnerabilities
2021-03-08 00:00:00
redhat
redhat
(RHSA-2024:2528) Low: mingw-glib2 security update
2024-04-30 06:15:57
(RHSA-2023:6631) Low: glib2 security and bug fix update
2023-11-07 06:10:40
(RHSA-2021:4526) Important: mingw-glib2 security, bug fix, and enhancement update
2021-11-09 09:43:49
almalinux
almalinux
Low: mingw-glib2 security update
2024-04-30 00:00:00
Low: glib2 security and bug fix update
2023-11-07 00:00:00
Important: mingw-glib2 security, bug fix, and enhancement update
2021-11-09 09:43:49
oraclelinux
oraclelinux
mingw-glib2 security update
2024-05-03 00:00:00
glib2 security and bug fix update
2023-11-11 00:00:00
glib2 security update
2021-06-01 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0500
2023-10-28 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0365
2021-03-02 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0692
2023-11-26 00:00:00
gentoo
gentoo
GLib: Multiple Vulnerabilities
2023-11-27 00:00:00
GLib: Multiple vulnerabilities
2021-07-07 00:00:00
debian
debian
[SECURITY] [DLA 3583-1] glib2.0 security update
2023-09-25 17:58:14
[SECURITY] [DLA 3044-1] glib2.0 security update
2022-06-06 14:25:26
ubuntucve
ubuntucve
CVE-2023-32643
2023-06-07 00:00:00
CVE-2023-32636
2023-06-07 00:00:00
CVE-2023-24593
2023-03-29 00:00:00
cloudfoundry
cloudfoundry
USN-6165-1: GLib vulnerabilities | Cloud Foundry
2023-06-29 00:00:00
USN-4759-1: GLib vulnerabilities | Cloud Foundry
2021-03-22 00:00:00
redhatcve
redhatcve
CVE-2023-32643
2023-06-05 12:35:46
CVE-2023-32636
2023-06-05 12:35:43
CVE-2023-32665
2023-06-05 12:35:54
alpinelinux
alpinelinux
CVE-2023-32643
2023-09-14 20:15:09
CVE-2023-32636
2023-09-14 20:15:09
CVE-2023-32665
2023-09-14 20:15:09
cve
cve
CVE-2023-32636
2023-09-14 20:15:09
CVE-2023-32643
2023-09-14 20:15:09
CVE-2023-32665
2023-09-14 20:15:09
cvelist
cvelist
CVE-2023-32643
2023-09-14 19:14:56
CVE-2023-32636
2023-09-14 19:19:21
CVE-2023-32611 G_variant_byteswap() can take a long time with some non-normal inputs
2023-09-14 19:07:19
nvd
nvd
CVE-2023-32643
2023-09-14 20:15:09
CVE-2023-32636
2023-09-14 20:15:09
CVE-2023-32611
2023-09-14 20:15:09
debiancve
debiancve
CVE-2023-32643
2023-09-14 20:15:09
CVE-2023-32636
2023-09-14 20:15:09
CVE-2023-29499
2023-09-14 20:15:09
vulnrichment
vulnrichment
CVE-2023-32643
2023-09-14 19:14:56
prion
prion
Heap overflow
2023-09-14 20:15:00
Deserialization of untrusted data
2023-09-14 20:15:00
Deserialization of untrusted data
2023-09-14 20:15:00
ibm
ibm
Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability.
2021-12-15 06:32:33
Security Bulletin: Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1
2023-09-04 11:15:53
Security Bulletin: Vulnerability in glib2 (CVE-2021-27218 and CVE-2021-27219) affects Power HMC
2021-11-22 05:54:17
suse
suse
Security update for glib2 (important)
2021-03-14 00:00:00
mageia
mageia
Updated glib2.0 packages fix security vulnerabilities
2021-07-09 01:43:19
amazon
amazon
Important: glib2
2021-06-16 20:37:00
Important: glib2
2021-09-02 22:54:00
gitlab
gitlab
Incorrect Conversion between Numeric Types
2021-02-15 00:00:00
Incorrect Conversion between Numeric Types
2021-02-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-27219 affecting package glib for versions less than 2.60.1-5
2022-04-09 06:51:45
CVE-2021-27218 affecting package glib for versions less than 2.60.1-5
2022-04-09 06:51:45
veracode
veracode
Denial Of Service (DoS)
2021-05-18 17:03:17
centos
centos
glib2 security update
2021-06-14 18:42:36

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON
Related for ROS-20240506-02
nessus61openvas30fedora4osv16ubuntu3redhat10almalinux4oraclelinux5photon5gentoo2debian2ubuntucve3cloudfoundry2redhatcve6alpinelinux5cve4cvelist6nvd4debiancve6vulnrichment1prion6ibm4suse1mageia1amazon2gitlab2cbl_mariner2veracode1centos1