CVE-2021-27219

Note

see gnome bug for multiple regression fixes solved in 2.66.7
Upstream fixed this in 2.67 by adding a new g_memdup2() function
and deprecating g_memdup(). For the 2.66 stable release, they
added g_memdup2(), but in a private manner so that internal uses
of g_memdup() could be switched, but this won't fix external
applications.

Package	Release	Status
glib2.0 Launchpad, Ubuntu, Debian	impish	Not vulnerable (2.67.5-2)
	upstream	Released (2.66.6-1, 2.67.3)
	trusty	Needed
	hirsute	Not vulnerable (2.67.5-2)
	bionic	Released (2.56.4-0ubuntu0.18.04.7)
	focal	Released (2.64.6-1~ubuntu20.04.2)
	groovy	Released (2.66.1-2ubuntu0.1)
	xenial	Released (2.48.2-0ubuntu4.7)
	jammy	Not vulnerable (2.67.5-2)
	kinetic	Not vulnerable (2.67.5-2)
	lunar	Not vulnerable (2.67.5-2)
	Patches: upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1926 (master) upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927 (2.66) upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/e8fe1d51fe07f506211680c76145eea737f4bf30 (2.66) upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1933 (2.66 regression) upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/00b181fa84f2d836f7f4401c0cd08f38e5b39167 (2.66 regression) upstream: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1943 (2.66 regression #2) upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/b34d68b672c35042b7d7334590e1e0cd653f3826 (2.66 regression #2)

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Security

CVE-2021-27219

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading