CVE-2021-27218

Published: 15 February 2021

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
glib2.0 Launchpad, Ubuntu, Debian	Upstream	Released (2.66.7-1)
	Ubuntu 21.04 (Hirsute Hippo)	Not vulnerable (2.67.5-2)
	Ubuntu 20.10 (Groovy Gorilla)	Released (2.66.1-2ubuntu0.1)
	Ubuntu 20.04 LTS (Focal Fossa)	Released (2.64.6-1~ubuntu20.04.2)
	Ubuntu 18.04 LTS (Bionic Beaver)	Released (2.56.4-0ubuntu0.18.04.7)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (2.48.2-0ubuntu4.7)
	Ubuntu 14.04 ESM (Trusty Tahr)	Needs triage
	Patches: Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 (master) Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944 (2.66) Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/acb7b0ec69f26a7df10af3992359890b09f076e8 Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/0f384c88a241bbbd884487b1c40b7b75f1e638d3 (2.66)

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982779

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM