CVE-2021-27219

Published: Feb 15, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Affected (9)

Products: Gnome: Glib · Fedoraproject: Fedora · Broadcom: Brocade Fabric Operating System Firmware · +2 more

Show all products

Gnome: Glib · Fedoraproject: Fedora · Broadcom: Brocade Fabric Operating System Firmware · Debian: Debian Linux · Netapp: Active Iq Unified Manager, Cloud Backup, E Series Performance Analyzer

1 product

1 product

1 product

Brocade Fabric Operating System Firmware

1 product

3 products

Active Iq Unified Manager

E Series Performance Analyzer

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnome Glib	Before 2.66.6
Gnome Glib	From 2.67.0 to 2.67.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Broadcom Brocade Fabric Operating System Firmware	All versions
Debian Debian Linux	Version 9.0
Netapp Active Iq Unified Manager	All versions
Netapp Cloud Backup	All versions
Netapp E Series Performance Analyzer	All versions

Related CWEs

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References (14)

https://gitlab.gnome.org/GNOME/glib/-/issues/2319

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202107-13

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210319-0004/

Source: cve@mitre.org

Third Party Advisory

https://gitlab.gnome.org/GNOME/glib/-/issues/2319

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202107-13

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210319-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.