CVE-2023-32636

2023-06-0700:00:00

ubuntu.com

glib

deserialization

dos

offset table validation

backported fix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.2%

JSON

A flaw was found in glib, where the gvariant deserialization code is
vulnerable to a denial of service introduced by additional input validation
added to resolve CVE-2023-29499. The offset table validation may be very
slow. This bug does not affect any released version of glib but does affect
glib distributors who followed the guidance of glib developers to backport
the initial fix for CVE-2023-29499.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchglib2.0< 2.56.4-0ubuntu0.18.04.9+esm3UNKNOWN
ubuntu20.04noarchglib2.0< 2.64.6-1~ubuntu20.04.6UNKNOWN
ubuntu22.04noarchglib2.0< 2.72.4-0ubuntu2.2UNKNOWN
ubuntu22.10noarchglib2.0< 2.74.3-0ubuntu1.2UNKNOWN
ubuntu14.04noarchglib2.0< 2.40.2-0ubuntu1.1+esm6UNKNOWN
ubuntu16.04noarchglib2.0< 2.48.2-0ubuntu4.8+esm3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	glib2.0	< 2.56.4-0ubuntu0.18.04.9+esm3	UNKNOWN
ubuntu	20.04	noarch	glib2.0	< 2.64.6-1~ubuntu20.04.6	UNKNOWN
ubuntu	22.04	noarch	glib2.0	< 2.72.4-0ubuntu2.2	UNKNOWN
ubuntu	22.10	noarch	glib2.0	< 2.74.3-0ubuntu1.2	UNKNOWN
ubuntu	14.04	noarch	glib2.0	< 2.40.2-0ubuntu1.1+esm6	UNKNOWN
ubuntu	16.04	noarch	glib2.0	< 2.48.2-0ubuntu4.8+esm3	UNKNOWN