CVE-2008-4316 — Integer Overflow or Wraparound in Glib

CWE-189 CWE-190 — Integer Overflow or Wraparound9 documents8 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 62.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Glib

Timeline

PublishedMar 14

Latest updateMay 2

Description

Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDgnome/glib2.16.4+4

Patches

Patch: ocert.org ↗Patch: openwall.com ↗Patch: svn.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-96v6-2hh2-wxrr: Multiple integer overflows in glib/gbase64↗2022-05-02

▶

OSV

CVE-2008-4316: Multiple integer overflows in glib/gbase64↗2009-03-14

▶

CVEList

CVE-2008-4316: Multiple integer overflows in glib/gbase64↗2009-03-14

▶

📋Vendor Advisories

Ubuntu

GLib vulnerability↗2009-03-16

▶

Red Hat

glib2: integer overflows in the base64 handling functions (oCERT-2008-015)↗2009-03-12

▶

Debian

CVE-2008-4316: glib2.0 - Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-d...↗2008

▶

💬Community

Bugzilla

CVE-2009-0587 evolution-data-server: integer overflow in base64 encoding functions↗2009-03-03

▶

Bugzilla

CVE-2008-4316 glib2: integer overflows in the base64 handling functions (oCERT-2008-015)↗2008-12-05

▶