CVE-2021-27219

Name: CVE-2021-27219
Description: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
NVD Severity: medium

References

| Type | URI |
| --- | --- |
| Exploit | https://gitlab.gnome.org/GNOME/glib/-/issues/2319 |
| Mailing List | https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E |
| Third Party Advisory | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/ |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20210319-0004/ |
| Third Party Advisory | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/ |
| GENTOO | https://security.gentoo.org/glsa/202107-13 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* | glib | >= None | < 2.66.6 |
| cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* | glib | >= 2.67.0 | < 2.67.3 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| glib | 3.12-main | 2.64.6-r0 | Rasmus Thomsen <oss@cogitri.dev> | possibly vulnerable |
| glib | 3.11-main | 2.62.6-r0 | Rasmus Thomsen <oss@cogitri.dev> | possibly vulnerable |
| glib | 3.10-main | 2.60.4-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |