CVE-2023-32611

G_variant_byteswap() can take a long time with some non-normal inputs

Published: 9/14/2023 Last updated: 2/13/2025 Reserved: 5/30/2023

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.5	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (1)

conf-glib-2

Products affected (20)

Product	Vendor	Version
Extra Packages for Enterprise Linux	Fedora	<= 6.1.*
Extra Packages for Enterprise Linux	Fedora	<= *
Red Hat Enterprise Linux 7	Red Hat	< 5.14
Red Hat Enterprise Linux 8	Red Hat	<= 5.10.*
Red Hat Enterprise Linux 9	Red Hat	<= 5.15.*
Fedora 37	Fedora	< 34759b7e4493d7337cbc414c132cef378c492a2c
Fedora 38	Fedora	< 5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd
Red Hat Enterprise Linux 6	Red Hat	4.3
Red Hat Enterprise Linux 7	Red Hat	< 4.3
Red Hat Enterprise Linux 8	Red Hat	<= 6.6.*
Red Hat Enterprise Linux 9	Red Hat	<= 6.7.*
Fedora 37	Fedora	<= 6.17.*
Fedora 38	Fedora	<= *
Red Hat Enterprise Linux 6	Red Hat	5.14
Fedora 37	Fedora	<= 6.12.*
Fedora 37	Fedora	< 60c0d36189bad58b1a8e69af8781d90009559ea1
Fedora 38	Fedora	<= 6.6.*
Fedora 38	Fedora	< b49a786beb11ff740cb9e0c20b999c2a0e1729c2
glib2	n/a	< b7cc4ff787a572edf2c55caeffaa88cd801eb135
glib2	n/a	a55093941e38113dd6f5f5d5d2705fec3018f332

References (24)

Credits (2)

Upstream acknowledges William Manley as the original reporter.
Upstream acknowledges William Manley as the original reporter.