Vulnerability Description
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Glib | < 2.74.4 |
Related Weaknesses (CWE)
References
- https://gitlab.gnome.org/GNOME/glib/-/issues/2841Issue TrackingVendor Advisory
- https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-Broken Link
- https://security.netapp.com/advisory/ntap-20231110-0002/Third Party Advisory
- https://gitlab.gnome.org/GNOME/glib/-/issues/2841Issue TrackingVendor Advisory
- https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-Broken Link
- https://security.netapp.com/advisory/ntap-20231110-0002/Third Party Advisory
FAQ
What is CVE-2023-32636?
CVE-2023-32636 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table valid...
How severe is CVE-2023-32636?
CVE-2023-32636 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32636?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Glib.