Vulnerability Description
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Glib | < 2.66.7 |
| Fedoraproject | Fedora | 33 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Cloud Backup | - |
| Netapp | E-Series Performance Analyzer | - |
| Broadcom | Brocade Fabric Operating System Firmware | - |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942PatchVendor Advisory
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944PatchVendor Advisory
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
- https://lists.debian.org/debian-lts-announce/2022/06/msg00006.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202107-13Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210319-0004/Third Party Advisory
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942PatchVendor Advisory
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944PatchVendor Advisory
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
FAQ
What is CVE-2021-27218?
CVE-2021-27218 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated mod...
How severe is CVE-2021-27218?
CVE-2021-27218 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27218?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Glib, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Netapp Cloud Backup, Netapp E-Series Performance Analyzer.