Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-32636: (CVE-2023-32636) fuzz_variant_text: Timeout in fuzz_variant_text (#2841) · Issues · GNOME / GLib · GitLab

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

CVE
#dos#git#chrome

New oss-fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54314

It’s a slowness in printing large tuples due to the new extra checks for offset table validity.

I’ve got a fix locally which I’ll attach shortly.

Related news

Red Hat Security Advisory 2024-2528-03

Red Hat Security Advisory 2024-2528-03 - An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9.

Ubuntu Security Notice USN-6165-2

Ubuntu Security Notice 6165-2 - USN-6165-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907