PT-2021-1899 · GNOME · GNOME GLib

Published 2021-02-04 · Updated 2024-05-06 · CVE-2021-27219

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
GNOME GLib versions prior to 2.66.6
GNOME GLib versions 2.67.x prior to 2.67.3

Description
An issue was discovered in the function g_bytes_new due to an integer overflow on 64-bit platforms. This overflow is caused by an implicit cast from 64 bits to 32 bits, potentially leading to memory corruption. The vulnerability could be exploited by a remote attacker using a specially crafted request to the vulnerable function, allowing them to modify the contents of dynamic memory.

Recommendations
For GNOME GLib versions prior to 2.66.6, update to version 2.66.6 or later.
For GNOME GLib versions 2.67.x prior to 2.67.3, update to version 2.67.3 or later.
As a temporary workaround, consider restricting the use of the g_bytes_new function until a patch is available.
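
The narrowing named in the Description, as an added example that is not GLib's code and not part of the original advisory: a 64-bit size is implicitly converted to a 32-bit length at a call, so the buffer is smaller than the size recorded for it. The names struct blob, dup_narrow, blob_new_unchecked and blob_new_checked are hypothetical, and a 64-bit size_t is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; models the bug class, not GLib's source. */
struct blob { void *data; size_t size; size_t allocated; };

/* Copy helper whose length parameter is only 32 bits wide. */
static void *dup_narrow(const void *src, uint32_t len) {
    void *p = (src && len) ? malloc(len) : NULL;
    if (p) memcpy(p, src, len);
    return p;
}

/* Before: size is silently narrowed at the call, yet the full 64-bit value
 * is stored as the blob's length, so later readers trust a wrong size. */
int blob_new_unchecked(struct blob *b, const void *src, size_t size) {
    b->data = dup_narrow(src, size);      /* implicit size_t -> uint32_t */
    b->allocated = (uint32_t)size;        /* what was really allocated */
    b->size = size;
    return (b->data || b->allocated == 0) ? 0 : -1;
}

/* After: refuse any size the 32-bit helper cannot represent. The other fix
 * is to widen the helper's length parameter to size_t. */
int blob_new_checked(struct blob *b, const void *src, size_t size) {
    b->data = NULL;
    b->size = b->allocated = 0;
    if (size > UINT32_MAX) return -1;
    b->data = dup_narrow(src, (uint32_t)size);
    if (!b->data && size != 0) return -1;
    b->size = b->allocated = size;
    return 0;
}

int main(void) {
    unsigned char src[16] = {0};          /* constructed sample input */
    size_t big = (size_t)UINT32_MAX + 1 + sizeof src;  /* 2^32 + 16 */
    struct blob b;
    blob_new_unchecked(&b, src, big);
    printf("unchecked: size=%zu allocated=%zu\n", b.size, b.allocated);
    free(b.data);
    printf("checked: rc=%d\n", blob_new_checked(&b, src, big));
    return 0;
}
```

Building with -Wconversion makes the compiler report the implicit narrowing at the dup_narrow call.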

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2021:2170
ALSA-2021:4526
ALT-PU-2021-1212
AZL-6438
BDU:2021-00680
CESA-2021_2147
CESA-2021_2170
CESA-2021_4526
CVE-2021-27219
DLA-3044-1
MGASA-2021-0318
OESA-2021-1106
OESA-2021-1107
OPENSUSE-SU-2021:0406-1
OPENSUSE-SU-2021_0406-1
OPENSUSE-SU-2024:10791-1
RHSA-2021:2147
RHSA-2021:2170
RHSA-2021:2171
RHSA-2021:2172
RHSA-2021:2173
RHSA-2021:2174
RHSA-2021:2175
RHSA-2021:2203
RHSA-2021:2204
RHSA-2021:2467
RHSA-2021:2519
RHSA-2021:2522
RHSA-2021:4526
RHSA-2021_2147
RHSA-2021_2170
RHSA-2021_2467
RHSA-2021_4526
RLSA-2021:2170
SUSE-SU-2021:0778-1
SUSE-SU-2021:0801-1
SUSE-SU-2021:0890-1
USN-4759-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
GNOME GLib
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu