Main Vulnerability Database SB2021021523

SB2021021523 - Security restrictoins bypass in GNOME GLib

Published: February 15, 2021 Updated: March 15, 2021

Security Bulletin ID SB2021021523

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2021-27218)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect conversion between numeric types in Gnome Glib. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

Remediation

Install update from vendor's website.

References

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E