An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform the length would be truncated modulo 2**32 causing unintended length truncation.

🗓️ 25 Feb 2021 08:00:00Reported by MicrosoftType

GLib truncates array length for four gigabyte buffers on 64-bit platforms before versions 2.66.7 and 2.67.4.

Reporter	Title	Published	Views	Family All 146
IBM Security Bulletins	Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-27218, CVE-2021-27219]	27 Sep 202408:35	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities fixed in Cloud Pak for Automation components	19 Jan 202216:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93	14 Mar 202220:12	–	ibm
IBM Security Bulletins	Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability.	15 Dec 202106:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in glib2 (CVE-2021-27218 and CVE-2021-27219) affects Power HMC	22 Nov 202105:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access	7 Jan 202200:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities	25 Apr 202214:44	–	ibm
Tenable Nessus	Amazon Linux 2 : glib2 (ALAS-2021-1711)	6 Oct 202100:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0055: glib2 (ALINUX3-SA-2021:0055)	14 May 202500:00	–	nessus

Vulners

Node

16 Dec 2021 08:00Current

7.9High risk

Vulners AI Score7.9

CVSS 25

CVSS 3.17.5

EPSS0.10494