Advisory ROSA-SA-2025-2598

software: glib2.0 2.72.3 OS: ROSA-CHROME packageevrstring: glib2.0-2.72.3-4 CVE-ID: CVE-2023-29499 BDU-ID: 2023-07646 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the isnormal function of the Glib library is associated with uncontrolled resource consumption. Exploitation of the vulnerability coul...

The vulnerability of the gsocks4aproxy.c component in the Glib library allows a hacker to cause a service failure.

The vulnerability of the gsocks4aproxy.c component in the Glib library is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

ROS-20241203-09

A vulnerability in the gsocks4aproxy.c component of the Glib library is associated with an overshoot by one error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

USN-7114-1 glib2.0 vulnerability

It was discovered that Glib incorrectly handled certain trailing characters. An attacker could possibly use this issue to cause a crash or other undefined behavior...

OESA-2024-2381 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: gio/gsocks4aproxy.c in GNOME GLib before...

AZL-52608 CVE-2024-52533 affecting package glib for versions less than 2.71.0-3

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4CONNMSGLEN is not sufficient for a trailing '\0' character...

CLSA-2024-1730800739 glib2: Fix of CVE-2024-34397

CVE-2024-34397: Fix GDBus signal subscriptions from unicast spoofing...

The vulnerability of the GLib library set, related to the disclosure of information, allows attackers to gain access to confidential data.

The vulnerability of the GLib library set is related to the exposure of information. Exploiting this vulnerability allows an attacker to gain access to confidential data...

OESA-2024-1789 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

OESA-2024-1788 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

The vulnerability of the NetworkManager service in the Glib library allows a hacker to trigger a service failure.

The vulnerability of the NetworkManager service in the Glib library is related to improper checking of the connection source. Exploiting this vulnerability can allow a malicious actor to cause a service failure...

The vulnerability of the Glib library, related to buffer overflows in dynamic memory, allows attackers to execute arbitrary code.

The vulnerability of the Glib library is related to overflowing buffers in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the Glib library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the Glib library is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause a service failure...

[SECURITY] [DLA 3814-1] glib2.0 security update

Debian LTS Advisory DLA-3814-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 13, 2024 https://wiki.debian.org/LTS Package : glib2.0 Version : 2.58.3-2+deb10u6 CVE ID : CVE-2024-34397 Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib...

USN-6768-1 glib2.0 vulnerability

Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation...

SUSE CVE-2024-34397

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...

AZL-40403 CVE-2024-34397 affecting package glib for versions less than 2.71.0-7

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...

GNOME GLib 安全漏洞

GNOME GLib is a multi-platform toolkit for creating graphical user interfaces, and is the underlying core library that underpins GTK+ and GNOME projects. A security vulnerability exists in GNOME GLib versions prior to 2.78.5 and prior to 2.80.1, which stems from the vulnerability of GDBus signali...

ROS-20240506-02

A vulnerability in the Glib library is related to GVariant deserialization. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability of Glib library function gbytearraynewtake is related to buffer copying without checking the the size of the input data...

glib: Timeout in fuzz_variant_text

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...