« List of all CVEs

CVE-2023-29499

Gvariant offset table entry size is not checked in is_normal()

Published: 9/14/2023 Last updated: 2/13/2025 Reserved: 5/30/2023

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.5	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (1)

Products affected (8)

Product	Vendor	Version
Fedora 37	Fedora	< c1322eaeb8af0d8985b5cc5fa759140fa0e57b84
Red Hat Enterprise Linux 6	Red Hat	< 6.8.7
Red Hat Enterprise Linux 7	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	< 16.92.24120731
Red Hat Enterprise Linux 9	Red Hat	N/A
Fedora 38	Fedora	< 16.0.5478.1002
Fedora 37	Fedora	< 6.0.6003.22015
glib2	n/a	n/a

References (12)

Credits (1)

Upstream acknowledges William Manley as the original reporter.