Your submission was sent successfully! Close

CVE-2021-27219

Published: 15 February 2021

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Notes

AuthorNote
mdeslaur
see gnome bug for multiple regression fixes solved in 2.66.7
Upstream fixed this in 2.67 by adding a new g_memdup2() function
and deprecating g_memdup(). For the 2.66 stable release, they
added g_memdup2(), but in a private manner so that internal uses
of g_memdup() could be switched, but this won't fix external
applications.
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
glib2.0
Launchpad, Ubuntu, Debian
bionic
Released (2.56.4-0ubuntu0.18.04.7)
focal
Released (2.64.6-1~ubuntu20.04.2)
groovy
Released (2.66.1-2ubuntu0.1)
hirsute Not vulnerable
(2.67.5-2)
impish Not vulnerable
(2.67.5-2)
jammy Not vulnerable
(2.67.5-2)
precise Ignored
(end of ESM support, was needs-triage)
trusty Needs triage

upstream
Released (2.66.6-1, 2.67.3)
xenial
Released (2.48.2-0ubuntu4.7)
Patches:
upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1926 (master)
upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927 (2.66)
upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/e8fe1d51fe07f506211680c76145eea737f4bf30 (2.66)
upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1933 (2.66 regression)
upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/00b181fa84f2d836f7f4401c0cd08f38e5b39167 (2.66 regression)
upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1943 (2.66 regression #2)
upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/b34d68b672c35042b7d7334590e1e0cd653f3826 (2.66 regression #2)