CVE-2023-32636

Name
CVE-2023-32636
Description
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
NVD Severity
unknown

References

| Type | URI |
|------|-----|
| MISC | https://gitlab.gnome.org/GNOME/glib/-/issues/2841 |
| MISC | https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 |
|      | https://security.netapp.com/advisory/ntap-20231110-0002/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* | glib | >= None | < 2.74.4 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| glib | 3.16-main | 2.72.4-r0 | Rasmus Thomsen <oss@cogitri.dev> | possibly vulnerable |
| glib | 3.15-main | 2.70.5-r0 | Rasmus Thomsen <oss@cogitri.dev> | possibly vulnerable |