glib2 is vulnerable to denial of service. When `g_byte_array_new_take()` is called with a buffer of 4GB or more on a 64-bit platform, an integer overflow occurs: the length is truncated modulo 2**32, causing unintended length truncation.
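
The truncation described above, modeled in a self-contained C example that is added here and is not GLib code. `byte_array`, `take_unchecked`, `take_checked` and the two helper functions are hypothetical names; `uint64_t` and `uint32_t` stand in for the 64-bit size argument and the 32-bit stored length.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a byte array whose length field is only 32 bits wide,
 * filled from a caller-supplied 64-bit length. */
typedef struct {
    uint8_t *data;
    uint32_t len;
} byte_array;

/* Unchecked take: the 64-bit length is silently narrowed,
 * so the stored length is len modulo 2**32. */
static int take_unchecked(byte_array *out, uint8_t *data, uint64_t len)
{
    out->data = data;
    out->len = (uint32_t)len;
    return 0;
}

/* Checked take: refuse lengths the 32-bit field cannot represent. */
static int take_checked(byte_array *out, uint8_t *data, uint64_t len)
{
    if (len > UINT32_MAX)
        return -1;
    out->data = data;
    out->len = (uint32_t)len;
    return 0;
}

/* Returns the length recorded by the unchecked path (buffer is never read). */
uint32_t stored_len_unchecked(uint64_t len)
{
    byte_array a = {0};
    take_unchecked(&a, NULL, len);
    return a.len;
}

/* Returns 0 if the checked path accepts the length, -1 if it rejects it. */
int checked_result(uint64_t len)
{
    byte_array a = {0};
    return take_checked(&a, NULL, len);
}

int main(void)
{
    uint64_t big = (1ULL << 32) + 16;   /* constructed sample: 4 GiB + 16 bytes */
    printf("unchecked stored length: %u\n", (unsigned)stored_len_unchecked(big));
    printf("checked result:          %d\n", checked_result(big));
    return 0;
}
```

Any consumer that trusts the stored length after the unchecked path sees 16 bytes instead of the real buffer size, which is why the bounds check has to happen before the narrowing assignment.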
access.redhat.com/errata/RHSA-2021:3058
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1929847
gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
gitlab.gnome.org/GNOME/glib/-/merge_requests/1944
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
lists.debian.org/debian-lts-announce/2022/06/msg00006.html
lists.fedoraproject.org/archives/list/[email protected]/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/
lists.fedoraproject.org/archives/list/[email protected]/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/
security.gentoo.org/glsa/202107-13
security.netapp.com/advisory/ntap-20210319-0004/