CVE-2021-27218
Published: 15 February 2021
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
glib2.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.66.7-1)
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(2.67.5-2)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Released
(2.64.6-1~ubuntu20.04.2)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(2.56.4-0ubuntu0.18.04.7)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(2.48.2-0ubuntu4.7)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needs triage
|
|
|
Patches: Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 (master) Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944 (2.66) Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/acb7b0ec69f26a7df10af3992359890b09f076e8 Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/0f384c88a241bbbd884487b1c40b7b75f1e638d3 (2.66) |
||