Severity: 7.5 HIGH
EPSS: 1.4% (top 19.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 15; Latest update May 24

Description

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD | gnome/glib | 2.67.0 | 2.67.3 | +1
Debian | glib2.0 | < 2.66.6-1 | +3

Also affects: Debian Linux 9.0, Fedora 33, 34

🔴 Vulnerability Details (4)

GHSA: GHSA-2wvj-9m7h-43j3: An issue was discovered in GNOME GLib before 2 (2022-05-24)
OSV: glib2.0 vulnerabilities (2021-03-08)
CVEList: CVE-2021-27219: An issue was discovered in GNOME GLib before 2 (2021-02-15)
OSV: CVE-2021-27219: An issue was discovered in GNOME GLib before 2 (2021-02-15)

📋 Vendor Advisories (4)

Ubuntu: GLib vulnerabilities (2021-03-08)
Microsoft: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The (2021-02-09)
Red Hat: glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (2021-02-04)
Debian: CVE-2021-27219: glib2.0 - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Th... (2021)