Vulnerability Details : CVE-2021-27219
Potential exploit
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2021-27219
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
- cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-27219
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-27219
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-27219
-
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-27219
-
https://gitlab.gnome.org/GNOME/glib/-/issues/2319
CVE-2021-27219 (GHSL-2021-045): integer overflow in g_bytes_new/g_memdup (#2319) · Issues · GNOME / GLib · GitLabExploit;Issue Tracking;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html
[SECURITY] [DLA 3044-1] glib2.0 security updateMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20210319-0004/
February 2021 GNOME GLib Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/
[SECURITY] Fedora 34 Update: mingw-glib2-2.66.7-1.fc34 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://security.gentoo.org/glsa/202107-13
GLib: Multiple vulnerabilities (GLSA 202107-13) — Gentoo securityThird Party Advisory
-
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
[jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar - Pony MailMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/
[SECURITY] Fedora 33 Update: mingw-glib2-2.66.7-1.fc33 - package-announce - Fedora Mailing-ListsThird Party Advisory
Jump to