Bugzilla – Bug 1211948
VUL-0: CVE-2023-32636: glib2: fuzz_variant_text: timeout in fuzz_variant_text()
Last modified: 2023-09-05 16:30:23 UTC
CVE-2023-32636

GLib's GVariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE 2023-29499

References:
https://gitlab.gnome.org/GNOME/glib/-/issues/2841
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32636
https://bugzilla.redhat.com/show_bug.cgi?id=2211833
(In reply to Carlos López from comment #0)
> This bug does not affect any released version of GLib, but does affect GLib
> distributors who followed the guidance of GLib developers to backport the
> initial fix for CVE 2023-29499

This is bsc#1211947
SUSE-SU-2023:3535-1: An update that solves six vulnerabilities can now be installed.

Category: security (important)
Bug References: 1183533, 1211945, 1211946, 1211947, 1211948, 1211951
CVE References: CVE-2021-28153, CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): glib2-2.54.3-150000.4.29.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): glib2-2.54.3-150000.4.29.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): glib2-2.54.3-150000.4.29.1
SUSE Enterprise Storage 6 (src): glib2-2.54.3-150000.4.29.1
SUSE CaaS Platform 4.0 (src): glib2-2.54.3-150000.4.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.