CVE-2021-27219

Published: 15 February 2021

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
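The 64-to-32-bit narrowing described above, shown as an added example that is not GLib's own code. `struct blob`, `dup_u32`, `dup_sz` and the `blob_new_*` functions are hypothetical stand-ins for a byte container, a duplicate helper with a 32-bit length and its widened replacement; the sample buffer and the oversized length are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
_Static_assert(sizeof(size_t) > sizeof(unsigned int), "demo assumes a 64-bit platform");

/* Hypothetical container: size is the caller's view, capacity the real allocation. */
struct blob { void *data; size_t size; size_t capacity; };

/* Widened duplicate (post-fix shape): the length keeps its full size_t width. */
static void *dup_sz(const void *mem, size_t n, size_t *allocated)
{
    void *copy = malloc(n ? n : 1);
    *allocated = copy ? n : 0;
    return copy ? memcpy(copy, mem, n) : NULL;
}

/* Legacy-shaped duplicate: the length parameter is only 32 bits wide. */
static void *dup_u32(const void *mem, unsigned int n, size_t *allocated)
{
    return dup_sz(mem, n, allocated);
}

/* Pre-fix shape: size is implicitly narrowed from 64 to 32 bits at the call. */
static int blob_new_legacy(struct blob *b, const void *data, size_t size)
{
    b->size = size;                               /* full 64-bit value recorded */
    b->data = dup_u32(data, size, &b->capacity);  /* only the low 32 bits arrive */
    return b->data ? 0 : -1;
}

/* Post-fix shape: no narrowing anywhere between caller and allocator. */
static int blob_new_fixed(struct blob *b, const void *data, size_t size)
{
    b->size = size;
    b->data = dup_sz(data, size, &b->capacity);
    return b->data ? 0 : -1;
}

/* Constructed input: a length just past 4 GiB whose low 32 bits are 16. */
static const unsigned char SAMPLE[16] = "sample";
static const size_t OVERSIZED = ((size_t)1 << 32) + sizeof SAMPLE;

int main(void)
{
    struct blob b;
    blob_new_legacy(&b, SAMPLE, OVERSIZED);
    printf("recorded size=%zu, allocated=%zu\n", b.size, b.capacity);
    free(b.data);
    return 0;
}
```

The legacy path ends up with a container that records a size larger than its allocation, which is the mismatch that makes later accesses unsafe. Building with `-Wconversion` flags the narrowing call at compile time.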

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: glib2.0 (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (2.66.6-1, 2.67.3)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (2.67.5-2)
Ubuntu 20.10 (Groovy Gorilla): Released (2.66.1-2ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa): Released (2.64.6-1~ubuntu20.04.2)
Ubuntu 18.04 LTS (Bionic Beaver): Released (2.56.4-0ubuntu0.18.04.7)
Ubuntu 16.04 LTS (Xenial Xerus): Released (2.48.2-0ubuntu4.7)
Ubuntu 14.04 ESM (Trusty Tahr): Needs triage

Patches:
Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1926 (master)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927 (2.66)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/e8fe1d51fe07f506211680c76145eea737f4bf30 (2.66)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1933 (2.66 regression)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/00b181fa84f2d836f7f4401c0cd08f38e5b39167 (2.66 regression)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1943 (2.66 regression #2)
Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/b34d68b672c35042b7d7334590e1e0cd653f3826 (2.66 regression #2)

Notes

Author: mdeslaur
Note:
See GNOME bug for multiple regression fixes solved in 2.66.7.
Upstream fixed this in 2.67 by adding a new g_memdup2() function
and deprecating g_memdup(). For the 2.66 stable release, they
added g_memdup2(), but in a private manner so that internal uses
of g_memdup() could be switched, but this won't fix external
applications.
