Incorrect Conversion between Numeric Types

Affecting glib2.0 package, versions <2.56.4-0ubuntu0.18.04.7

Overview

Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types. An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
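
The narrowing described above, reduced to a self-contained C sketch (an added example, not GLib's source and not the upstream patch). `struct blob`, `dup_narrow`, `blob_new_narrow` and `blob_new_checked` are hypothetical names, the range check is one illustrative hardening, and an LP64 platform is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: LP64 target, matching the advisory's "64-bit platforms". */
_Static_assert(sizeof(size_t) == 8 && sizeof(unsigned int) == 4, "needs LP64");

/* Hypothetical byte container that records its own length. */
struct blob { void *data; size_t size; size_t allocated; };

/* Hypothetical duplicator whose length parameter is only 32 bits wide. */
static void *dup_narrow(const void *src, unsigned int n, size_t *allocated)
{
    void *p = malloc(n ? n : 1);
    if (p) memcpy(p, src, n);
    *allocated = n;              /* what was really reserved and copied */
    return p;
}

/* Flawed shape: size_t is narrowed implicitly at the call to dup_narrow(). */
int blob_new_narrow(struct blob *b, const void *src, size_t size)
{
    b->data = dup_narrow(src, size, &b->allocated);  /* silent 64 -> 32 bit */
    b->size = size;                                  /* full length is kept */
    return b->data ? 0 : -1;
}

/* Hardened shape: refuse any length the 32-bit parameter cannot represent. */
int blob_new_checked(struct blob *b, const void *src, size_t size)
{
    if (size > UINT32_MAX)
        return -1;
    b->data = dup_narrow(src, (unsigned int)size, &b->allocated);
    b->size = size;
    return b->data ? 0 : -1;
}

int main(void)
{
    struct blob b = {0};
    char src[16] = "constructed";    /* constructed sample input */
    size_t claimed = ((size_t)1 << 32) + sizeof src;
    if (blob_new_narrow(&b, src, claimed) == 0)
        printf("recorded %zu, allocated %zu\n", b.size, b.allocated);
    free(b.data);
    return blob_new_checked(&b, src, claimed) == -1 ? 0 : 1;
}
```

Any consumer that trusts the recorded `size` of the narrowed blob would address memory past the 16 bytes actually allocated, which is the memory-corruption risk the overview refers to.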

Remediation

Upgrade glib2.0 to version or higher.

CVSS Score

7.5
medium severity
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE: CVE-2021-27219
CWE: CWE-681
Snyk ID: SNYK-UBUNTU1804-GLIB20-1075539
Disclosed: 15 Feb, 2021
Published: 17 Feb, 2021