CVE-2023-29499 Gvariant offset table entry size is not checked in is_normal()

🗓️ 14 Sep 2023 19:06:17Reported by redhatType

GVariant deserialization flaw in GLi

Reporter	Title	Published	Views	Family All 122
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods Managed File Transfer	25 Apr 202510:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1	4 Sep 202311:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	2 Sep 202514:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D	15 Dec 202515:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Hyper Converged Database	21 Jan 202610:51	–	ibm
Tenable Nessus	Amazon Linux 2023 : glib2, glib2-devel, glib2-static (ALAS2023-2023-225)	28 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : glib2 (ALAS-2025-2767)	26 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0064: glib2 (ALINUX3-SA-2024:0064)	14 May 202500:00	–	nessus
Tenable Nessus	Debian dla-3583 : libglib2.0-0 - security update	26 Sep 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : glib2 (EulerOS-SA-2023-2582)	8 Aug 202300:00	–	nessus

[
  {
    "product": "glib2",
    "vendor": "n/a",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "glib2",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "product": "Extra Packages for Enterprise Linux",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "glib",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora 37",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "mingw-glib2",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora 38",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "glib2",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora 38",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "mingw-glib2",
    "defaultStatus": "affected"
  },
  {
    "product": "Fedora 37",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "glib2",
    "defaultStatus": "affected"
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20231103-0001/
security	www.security.gentoo.org/glsa/202311-18
lists	www.lists.debian.org/debian-lts-announce/2023/09/msg00030.html
access	www.access.redhat.com/security/cve/CVE-2023-29499
gitlab	www.gitlab.gnome.org/GNOME/glib/-/issues/2794
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

27 Nov 2023 14:06Current

7.6High risk

Vulners AI Score7.6

CVSS 3.15.5

EPSS0.00761

CWE-400