CVE-2021-27218

Published: Feb 15, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

Affected (9)

Products: Gnome: Glib · Fedoraproject: Fedora · Broadcom: Brocade Fabric Operating System Firmware · +2 more

Show all products

Gnome: Glib · Fedoraproject: Fedora · Broadcom: Brocade Fabric Operating System Firmware · Debian: Debian Linux · Netapp: Active Iq Unified Manager, Cloud Backup, E Series Performance Analyzer

1 product

1 product

1 product

Brocade Fabric Operating System Firmware

1 product

3 products

Active Iq Unified Manager

E Series Performance Analyzer

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnome Glib	Before 2.66.7
Gnome Glib	From 2.67.0 to 2.67.4

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Broadcom Brocade Fabric Operating System Firmware	All versions
Debian Debian Linux	Version 9.0
Netapp Active Iq Unified Manager	All versions
Netapp Cloud Backup	All versions
Netapp E Series Performance Analyzer	All versions

Related CWEs

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References (20)

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942

Source: cve@mitre.org

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944

Source: cve@mitre.org

PatchVendor Advisory

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202107-13

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210319-0004/

Source: cve@mitre.org

Third Party Advisory

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202107-13

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210319-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.