First published: Thu Feb 04 2021
An integer wraparound was discovered in GLib: callers pass a 64-bit size value to g_memdup(), which accepts only a 32-bit number as its size argument. An attacker may abuse this flaw when an application linked against the GLib library uses the g_bytes_new() function, or possibly other functions that use g_memdup() underneath and accept a 64-bit size argument. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
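The narrowing the advisory describes, shown as an added example rather than GLib's own source: memdup32() and memdup64() are constructed stand-ins that only mirror the parameter shape of the pre-fix g_memdup() and of the size_t-based fix, memdup_guarded() is a hypothetical caller-side check for code that must still use a 32-bit-size API, and the example assumes a platform where size_t is 64 bits and unsigned int is 32 bits. The oversize request is modelled arithmetically so nothing large is ever allocated.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* memdup32() is a constructed stand-in with the same parameter shape as
 * the pre-fix g_memdup(): the byte count is a 32-bit unsigned int, so a
 * size_t passed by the caller is implicitly narrowed at the call.
 * Not GLib's code. */
void *memdup32(const void *src, unsigned int n)
{
    if (src == NULL || n == 0)
        return NULL;
    void *dst = malloc(n);
    if (dst != NULL)
        memcpy(dst, src, n);
    return dst;
}

/* The value a 64-bit size collapses to on its way into a 32-bit parameter
 * (assumes size_t is wider than unsigned int). */
unsigned int truncated_size(size_t n)
{
    return (unsigned int)n;
}

/* A g_bytes_new()-style wrapper keeps the caller's full 64-bit length as
 * the object's size while the buffer underneath was allocated with the
 * narrowed value. This returns how many bytes the recorded length
 * overstates the allocation by; 0 means the two agree. Computed
 * arithmetically so the example never has to allocate gigabytes. */
size_t recorded_minus_allocated(size_t n)
{
    return n - (size_t)truncated_size(n);
}

/* Hypothetical guard for code that must still call a 32-bit-size API:
 * fail closed on any length the parameter cannot represent instead of
 * letting it wrap. */
void *memdup_guarded(const void *src, size_t n)
{
    if (n > UINT_MAX)
        return NULL;
    return memdup32(src, (unsigned int)n);
}

/* The shape of the fix: the size stays size_t end to end, as with GLib's
 * g_memdup2(). This body is a stand-in, not GLib's implementation. */
void *memdup64(const void *src, size_t n)
{
    if (src == NULL || n == 0)
        return NULL;
    void *dst = malloc(n);
    if (dst != NULL)
        memcpy(dst, src, n);
    return dst;
}

/* Copy a C string through the 64-bit-safe path and check it survived. */
int roundtrip_ok(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = memdup64(s, len);
    int ok = copy != NULL && memcmp(copy, s, len) == 0;
    free(copy);
    return ok;
}

int main(void)
{
    size_t big = ((size_t)1 << 32) + 16; /* constructed oversize request */
    printf("requested %zu bytes, 32-bit parameter sees %u\n",
           big, truncated_size(big));
    printf("recorded length exceeds allocation by %zu bytes\n",
           recorded_minus_allocated(big));
    printf("guarded call: %s\n",
           memdup_guarded("x", big) == NULL ? "rejected" : "accepted");
    printf("64-bit path round trip: %s\n",
           roundtrip_ok("hello") ? "ok" : "failed");
    return 0;
}
```

The mismatch recorded_minus_allocated() reports is the defect class behind the CWE-190 and CWE-787 tags: the object believes it owns 4 GiB plus 16 bytes while only 16 bytes exist, and every later access that trusts the recorded length goes out of bounds. On an unpatched GLib the only caller-side mitigation is the kind of explicit range check memdup_guarded() shows; the real fix is moving to the size_t API.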
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/glib2 | <0:2.28.8-11.el6_10 | 0:2.28.8-11.el6_10 |
| redhat/glib2 | <0:2.56.1-9.el7_9 | 0:2.56.1-9.el7_9 |
| redhat/glib2 | <0:2.42.2-6.el7_2 | 0:2.42.2-6.el7_2 |
| redhat/glib2 | <0:2.46.2-5.el7_3 | 0:2.46.2-5.el7_3 |
| redhat/glib2 | <0:2.50.3-4.el7_4 | 0:2.50.3-4.el7_4 |
| redhat/glib2 | <0:2.56.1-5.el7_6 | 0:2.56.1-5.el7_6 |
| redhat/glib2 | <0:2.56.1-6.el7_7 | 0:2.56.1-6.el7_7 |
| redhat/mingw-glib2 | <0:2.66.7-2.el8 | 0:2.66.7-2.el8 |
| redhat/glib2 | <0:2.56.4-10.el8_4 | 0:2.56.4-10.el8_4 |
| redhat/glib2 | <0:2.56.4-8.el8_1 | 0:2.56.4-8.el8_1 |
| redhat/glib2 | <0:2.56.4-8.el8_2.1 | 0:2.56.4-8.el8_2.1 |
| redhat/redhat-virtualization-host | <0:4.3.16-20210615.0.el7_9 | 0:4.3.16-20210615.0.el7_9 |
| redhat/redhat-virtualization-host | <0:4.4.6-20210615.0.el8_4 | 0:4.4.6-20210615.0.el8_4 |
| redhat/glib | <2.67.3 | 2.67.3 |
| redhat/glib | <2.66.6 | 2.66.6 |
| GNOME GLib | <2.66.6 | |
| GNOME GLib | >=2.67.0 <2.67.3 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | | |
| Netapp Cloud Backup | | |
| Netapp E-series Performance Analyzer | | |
| Broadcom Brocade Fabric Operating System Firmware | | |
| Debian Debian Linux | =9.0 | |
| IBM CLM | <=6.0.6.1 | |
| IBM CLM | <=6.0.6 | |
| IBM ELM | <=7.0.2 | |
| IBM ELM | <=7.0 | |
| IBM ELM | <=7.0.1 | |
| IBM Engineering Requirements Quality Assistant | <=1.0 | |
| IBM Engineering Requirements Quality Assistant On-Premises | <=All | |
| IBM EWM | <=7.0.2 | |
| IBM EWM | <=7.0.1 | |
| IBM RTC | <=6.0.2 | |
| IBM RTC | <=6.0.6.1 | |
| IBM EWM | <=7.0 | |
| IBM RTC | <=6.0.6 | |
| IBM Engineering Systems Design Rhapsody | <=All | |
| IBM DOORS Next | <=7.0.2 | |
| IBM DOORS Next | <=7.0 | |
| IBM DOORS Next | <=7.0.1 | |
| IBM RDNG | <=6.0.6.1 | |
| IBM RDNG | <=6.0.6 | |
CVE-2021-27219 is a vulnerability in GNOME GLib that could allow a remote attacker to cause a denial of service.
The severity of CVE-2021-27219 is critical, with a severity value of 9.8.
To fix CVE-2021-27219, update to version 2.67.3 of the glib library or the appropriate version for your operating system.
You can find more information about CVE-2021-27219 in the GitLab issue and the Red Hat bugzilla.
The CWEs associated with CVE-2021-27219 are CWE-190, CWE-787, and CWE-681.