QID 355458
Date Published: 2023-06-29
QID 355458: Amazon Linux Security Advisory for glib2 : ALAS2023-2023-225
The upstream bug report describes this issue as follows: a vulnerability was found in glib2.0, where DoS caused by handling a malicious text-form variant which is structured to cause looping superlinear to its text size. Applications are at risk if they parse untrusted text-form variants. (CVE-2023-24593)
The upstream bug report describes this issue as follows: a vulnerability was found in glib2.0, where DoS caused by handling a malicious text-form variant which is structured to cause looping superlinear to its text size. (CVE-2023-25180)
GLib's GVariant deserialization prior to GLib 2.74.4 failed to validate the input conforms to the expected format, leading to denial of service. (CVE-2023-29499)
GLib's GVariant deserialization prior to GLib 2.74.4 is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32611)
GLib's GVariant deserialization prior to GLib 2.74.4 is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32665)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- ALAS2023-2023-225 - alas.aws.amazon.com/AL2023/ALAS-2023-225.html
CVEs related to QID 355458
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2023-2023-225 | amazon linux 2023 | | |