CVE-2021-27219

2021-02-1500:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.2%

JSON

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before
2.67.3. The function g_bytes_new has an integer overflow on 64-bit
platforms due to an implicit cast from 64 bits to 32 bits. The overflow
could potentially lead to memory corruption.

Bugs

Notes

Author	Note
mdeslaur	see gnome bug for multiple regression fixes solved in 2.66.7 Upstream fixed this in 2.67 by adding a new g_memdup2() function and deprecating g_memdup(). For the 2.66 stable release, they added g_memdup2(), but in a private manner so that internal uses of g_memdup() could be switched, but this won’t fix external applications.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchglib2.0< 2.56.4-0ubuntu0.18.04.7UNKNOWN
ubuntu20.04noarchglib2.0< 2.64.6-1~ubuntu20.04.2UNKNOWN
ubuntu20.10noarchglib2.0< 2.66.1-2ubuntu0.1UNKNOWN
ubuntu14.04noarchglib2.0< anyUNKNOWN
ubuntu16.04noarchglib2.0< 2.48.2-0ubuntu4.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	glib2.0	< 2.56.4-0ubuntu0.18.04.7	UNKNOWN
ubuntu	20.04	noarch	glib2.0	< 2.64.6-1~ubuntu20.04.2	UNKNOWN
ubuntu	20.10	noarch	glib2.0	< 2.66.1-2ubuntu0.1	UNKNOWN
ubuntu	14.04	noarch	glib2.0	< any	UNKNOWN
ubuntu	16.04	noarch	glib2.0	< 2.48.2-0ubuntu4.7	UNKNOWN