{"api_version":"1","generated_at":"2026-04-20T04:42:32+00:00","cve":"CVE-2023-32636","urls":{"html":"https://cve.report/CVE-2023-32636","api":"https://cve.report/api/cve/CVE-2023-32636.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-32636","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-32636"},"summary":{"title":"CVE-2023-32636","description":"A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-09-14 20:15:00","updated_at":"2023-11-10 18:15:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2841","name":"https://gitlab.gnome.org/GNOME/glib/-/issues/2841","refsource":"MISC","tags":[],"title":"(CVE-2023-32636) fuzz_variant_text: Timeout in fuzz_variant_text (#2841) · Issues · GNOME / GLib · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835","name":"https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835","refsource":"MISC","tags":[],"title":"Multiple fixes for GVariant normalisation issues in GLib - Platform - GNOME Discourse","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20231110-0002/","name":"https://security.netapp.com/advisory/ntap-20231110-0002/","refsource":"","tags":[],"title":"CVE-2023-32636 Gnome Glib Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-32636","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32636","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"32636","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"glib","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-32636","qid":"199417","title":"Ubuntu Security Notification for GLib Vulnerabilities (USN-6165-1)"},{"cve":"CVE-2023-32636","qid":"199839","title":"Ubuntu Security Notification for GLib Vulnerabilities (USN-6165-2)"},{"cve":"CVE-2023-32636","qid":"284032","title":"Fedora Security Update for mingw (FEDORA-2023-1a7e2b3dda)"},{"cve":"CVE-2023-32636","qid":"284071","title":"Fedora Security Update for mingw (FEDORA-2023-9e5a29a25d)"},{"cve":"CVE-2023-32636","qid":"673279","title":"EulerOS Security Update for glib2 (EulerOS-SA-2023-2612)"},{"cve":"CVE-2023-32636","qid":"673293","title":"EulerOS Security Update for glib2 (EulerOS-SA-2023-2582)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-32636","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400","cweId":"CWE-400"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"glib","product":{"product_data":[{"product_name":"glib","version":{"version_data":[{"version_affected":"=","version_value":"2.75.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2841","refsource":"MISC","name":"https://gitlab.gnome.org/GNOME/glib/-/issues/2841"},{"url":"https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835","refsource":"MISC","name":"https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"version":"3.1","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseSeverity":"MEDIUM","baseScore":4.7,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}},"nvd":{"publishedDate":"2023-09-14 20:15:00","lastModifiedDate":"2023-11-10 18:15:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*","versionEndExcluding":"2.74.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}