CVE-2021-27219

Summary

CVE	CVE-2021-27219
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-02-15 17:15:00 UTC
Updated	2023-11-07 03:31:00 UTC
Description	An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Risk And Classification

Problem Types: CWE-681

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Broadcom	Brocade Fabric Operating System Firmware	-	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Gnome	Glib	All	All	All	All
Application	Gnome	Glib	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Application	Netapp	E-series Performance Analyzer	-	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 34 Update: mingw-glib2-2.66.7-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
GHSL-2021-045: integer overflow in g_bytes_new/g_memdup (#2319) · Issues · GNOME / GLib · GitLab	MISC	gitlab.gnome.org	Exploit, Issue Tracking, Third Party Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Third Party Advisory
[SECURITY] Fedora 34 Update: mingw-glib2-2.66.7-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
February 2021 GNOME GLib Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
GLib: Multiple vulnerabilities (GLSA 202107-13) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] [DLA 3044-1] glib2.0 security update	MLIST	lists.debian.org
[SECURITY] Fedora 33 Update: mingw-glib2-2.66.7-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar		lists.apache.org
[SECURITY] Fedora 33 Update: mingw-glib2-2.66.7-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159236 Oracle Enterprise Linux Security Update for glib2 (ELSA-2021-2147)
159240 Oracle Enterprise Linux Security Update for glib2 (ELSA-2021-2170)
159282 Oracle Enterprise Linux Security Update for glib2 (ELSA-2021-9318)
174791 SUSE Enterprise Linux Security update for glib2 (SUSE-SU-2021:0778-1)
174826 SUSE Enterprise Linux Security update for glib2 (SUSE-SU-2021:0890-1)
179358 Debian Security Update for glib2.0 (DLA 3044-1)
179739 Debian Security Update for glib2.0 (CVE-2021-27219)
239345 Red Hat Update for glib2 (RHSA-2021:2147)
239375 Red Hat Update for glib2 (RHSA-2021:2175)
239376 Red Hat Update for glib2 (RHSA-2021:2172)
239377 Red Hat Update for glib2 (RHSA-2021:2171)
239378 Red Hat Update for glib2 (RHSA-2021:2170)
239421 Red Hat Update for glib2 (RHSA-2021:2204)
257087 CentOS Security Update for glib2 (CESA-2021:2147)
281538 Fedora Security Update for mingw (FEDORA-2021-7b5e2e6844)
281539 Fedora Security Update for mingw (FEDORA-2021-7c71cda8da)
352400 Amazon Linux Security Advisory for glib2: ALAS2-2021-1655
352809 Amazon Linux Security Advisory for glib2: ALAS-2021-1526
376893 Alibaba Cloud Linux Security Update for glib2 (ALINUX3-SA-2021:0033)
377169 Alibaba Cloud Linux Security Update for glib2 (ALINUX2-SA-2021:0031)
390230 Oracle Managed Virtualization (VM) Server for x86 Security Update for glib2 (OVMSA-2021-0019)
501413 Alpine Linux Security Update for glib
501743 Alpine Linux Security Update for glib
503971 Alpine Linux Security Update for glib
670287 EulerOS Security Update for glib2 (EulerOS-SA-2021-1789)
670326 EulerOS Security Update for glib2 (EulerOS-SA-2021-1898)
670353 EulerOS Security Update for glib2 (EulerOS-SA-2021-1871)
670380 EulerOS Security Update for glib2 (EulerOS-SA-2021-1945)
670401 EulerOS Security Update for glib2 (EulerOS-SA-2021-1924)
670615 EulerOS Security Update for glib2 (EulerOS-SA-2021-2373)
710063 Gentoo Linux GLib Multiple vulnerabilities (GLSA 202107-13)
730155 McAfee Web Gateway Multiple Vulnerabilities(WP-3580, WP-3656, WP-3815, WP-3878, WP-3882, WP-3934,WP-3935, WP-3936, WP-3999)
750321 OpenSUSE Security Update for glib2 (openSUSE-SU-2021:0406-1)
900161 CBL-Mariner Linux Security Update for glib 2.58.0
901930 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (6438-1)
903212 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (3894)
905819 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (3894-1)
940349 AlmaLinux Security Update for glib2 (ALSA-2021:2170)
940356 AlmaLinux Security Update for mingw-glib2 (ALSA-2021:4526)
960092 Rocky Linux Security Update for glib2 (RLSA-2021:2170)