CVE-2023-32636
Summary
| CVE | CVE-2023-32636 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-14 20:15:00 UTC |
| Updated | 2023-11-10 18:15:00 UTC |
| Description | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| (CVE-2023-32636) fuzz_variant_text: Timeout in fuzz_variant_text (#2841) · Issues · GNOME / GLib · GitLab | MISC | gitlab.gnome.org | |
| Multiple fixes for GVariant normalisation issues in GLib - Platform - GNOME Discourse | MISC | https | |
| CVE-2023-32636 Gnome Glib Vulnerability in NetApp Products | NetApp Product Security | security.netapp.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199417 Ubuntu Security Notification for GLib Vulnerabilities (USN-6165-1)
- 199839 Ubuntu Security Notification for GLib Vulnerabilities (USN-6165-2)
- 284032 Fedora Security Update for mingw (FEDORA-2023-1a7e2b3dda)
- 284071 Fedora Security Update for mingw (FEDORA-2023-9e5a29a25d)
- 673279 EulerOS Security Update for glib2 (EulerOS-SA-2023-2612)
- 673293 EulerOS Security Update for glib2 (EulerOS-SA-2023-2582)