CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 4.7
References () https://gitlab.gnome.org/GNOME/glib/-/issues/2841 - Issue Tracking, Vendor Advisory () https://gitlab.gnome.org/GNOME/glib/-/issues/2841 - Issue Tracking, Vendor Advisory
References () https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 - Broken Link () https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 - Broken Link
References () https://security.netapp.com/advisory/ntap-20231110-0002/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20231110-0002/ - Third Party Advisory

12 Jan 2024, 22:09

Type Values Removed Values Added
References () https://security.netapp.com/advisory/ntap-20231110-0002/ - () https://security.netapp.com/advisory/ntap-20231110-0002/ - Third Party Advisory
CWE CWE-502

Information

Published : 2023-09-14 20:15

Updated : 2024-11-21 08:03


NVD link : CVE-2023-32636

Mitre link : CVE-2023-32636

CVE.ORG link : CVE-2023-32636


JSON object : View

Products Affected

gnome

  • glib
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-502

Deserialization of Untrusted Data