CVE-2021-27218
Published: 15 February 2021
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
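The truncation described above, modelled as an added example (this is not GLib's code). The struct, the function names and the 32-bit length field are assumptions made for illustration, the field width being inferred from the "modulo 2**32" wording; the sample length is constructed and no 4GB buffer is allocated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a byte array that records its length in 32 bits. */
typedef struct {
    uint8_t *data;
    uint32_t len;
} ByteArrayModel;

/* Unchecked take: the caller's 64-bit length is narrowed silently, so the
 * array records fewer bytes than the buffer it now owns. */
static void take_unchecked(ByteArrayModel *a, uint8_t *buf, uint64_t len)
{
    a->data = buf;
    a->len = (uint32_t)len;          /* keeps only the low 32 bits */
}

/* Checked take: refuse any length the field cannot represent.
 * Returns 0 on success, -1 on rejection (the array is left untouched). */
static int take_checked(ByteArrayModel *a, uint8_t *buf, uint64_t len)
{
    if (len > UINT32_MAX)
        return -1;
    a->data = buf;
    a->len = (uint32_t)len;
    return 0;
}

int main(void)
{
    static uint8_t placeholder[1];                  /* stands in for the buffer */
    uint64_t claimed = (UINT64_C(1) << 32) + 5;     /* constructed: 4 GiB + 5 bytes */
    ByteArrayModel a = {0}, b = {0};

    take_unchecked(&a, placeholder, claimed);
    printf("unchecked: caller length=%llu recorded length=%u\n",
           (unsigned long long)claimed, (unsigned)a.len);
    printf("checked:   rc=%d\n", take_checked(&b, placeholder, claimed));
    return 0;
}
```

Code that later trusts the recorded length would see 5 bytes where the caller handed over more than 4GB, which is why rejecting the oversized length up front is the safer behaviour.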
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
glib2.0 | Upstream | Released (2.66.7-1) |
glib2.0 | Ubuntu 21.04 (Hirsute Hippo) | Not vulnerable (2.67.5-2) |
glib2.0 | Ubuntu 20.10 (Groovy Gorilla) | Released (2.66.1-2ubuntu0.1) |
glib2.0 | Ubuntu 20.04 LTS (Focal Fossa) | Released (2.64.6-1~ubuntu20.04.2) |
glib2.0 | Ubuntu 18.04 LTS (Bionic Beaver) | Released (2.56.4-0ubuntu0.18.04.7) |
glib2.0 | Ubuntu 16.04 LTS (Xenial Xerus) | Released (2.48.2-0ubuntu4.7) |
glib2.0 | Ubuntu 14.04 ESM (Trusty Tahr) | Needs triage |

Patches
Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 (master)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944 (2.66)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/acb7b0ec69f26a7df10af3992359890b09f076e8
Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/0f384c88a241bbbd884487b1c40b7b75f1e638d3 (2.66)