CVE-2021-27218

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

References

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944

https://lists.apache.org/thread.html/[email protected]%3Cdev.mina.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/

https://security.netapp.com/advisory/ntap-20210319-0004/

https://lists.fedoraproject.org/archives/list/[email protected]/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.bookkeeper.apache.org%3E

Details

Source: MITRE

Published: 2021-02-15

Updated: 2021-07-07

Type: CWE-681

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
151298EulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2021-2117)NessusHuawei Local Security Checks
medium
151228EulerOS Virtualization 3.0.6.6 : glib2 (EulerOS-SA-2021-2030)NessusHuawei Local Security Checks
medium
151180EulerOS Virtualization for ARM 64 3.0.6.0 : glib2 (EulerOS-SA-2021-1999)NessusHuawei Local Security Checks
medium
150204EulerOS 2.0 SP9 : glib2 (EulerOS-SA-2021-1945)NessusHuawei Local Security Checks
medium
150181EulerOS 2.0 SP9 : glib2 (EulerOS-SA-2021-1924)NessusHuawei Local Security Checks
medium
149622EulerOS 2.0 SP8 : glib2 (EulerOS-SA-2021-1871)NessusHuawei Local Security Checks
medium
149619EulerOS 2.0 SP5 : glib2 (EulerOS-SA-2021-1898)NessusHuawei Local Security Checks
high
149187EulerOS 2.0 SP3 : glib2 (EulerOS-SA-2021-1789)NessusHuawei Local Security Checks
critical
148616EulerOS Virtualization 2.9.0 : glib2 (EulerOS-SA-2021-1759)NessusHuawei Local Security Checks
medium
148582EulerOS Virtualization 2.9.1 : glib2 (EulerOS-SA-2021-1712)NessusHuawei Local Security Checks
medium
148023Photon OS 4.0: Glib PHSA-2021-4.0-0001NessusPhotonOS Local Security Checks
high
147993Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : GLib vulnerabilities (USN-4759-1)NessusUbuntu Local Security Checks
high
147938SUSE SLES15 Security Update : glib2 (SUSE-SU-2021:0890-1)NessusSuSE Local Security Checks
high
147851SUSE SLES12 Security Update : glib2 (SUSE-SU-2021:0801-1)NessusSuSE Local Security Checks
high
147796SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2021:0778-1)NessusSuSE Local Security Checks
high
147779openSUSE Security Update : glib2 (openSUSE-2021-406)NessusSuSE Local Security Checks
high
147768Fedora 33 : mingw-glib2 (2021-7c71cda8da)NessusFedora Local Security Checks
high
147008Photon OS 1.0: Glib PHSA-2021-1.0-0365NessusPhotonOS Local Security Checks
high
147002Photon OS 2.0: Glib PHSA-2021-2.0-0322NessusPhotonOS Local Security Checks
high
146998Photon OS 3.0: Glib PHSA-2021-3.0-0201NessusPhotonOS Local Security Checks
high