CVE-2023-32636
Severity
MEDIUM
glib < 2.74.4 - Denial of Service via GVariant Deserialization Offset Table Validation
Title source: llmDescription
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
References (3)
Core References
Issue Tracking, Vendor Advisory
https://gitlab.gnome.org/GNOME/glib/-/issues/2841
Broken Link
https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231110-0002/
Scores
CVSS v3
4.7
EPSS
0.0017
EPSS Percentile
37.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-502
CWE-400
Status
published
Products (1)
gnome/glib
< 2.74.4
Published
Sep 14, 2023
Tracked Since
Feb 18, 2026