Lack of data validation in glib2.0
Description
A heap-based buffer overflow was found in glib, caused by an incorrect buffer-size calculation in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which need escaping), the calculation of the escaped string's length can overflow, potentially leading to a write past the end of the newly allocated string.
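The size calculation described above, as an added example (a simplified model, not glib's source code): each unacceptable character grows from one byte to three (`%XX`), so the buffer needs `len + 2*unacceptable + 1` bytes. The function names, the 32-bit width used to model the wrap, and the set of acceptable characters are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Model of the flawed arithmetic (assumed 32-bit width): the size
 * len + 2*unacceptable + 1 silently wraps for very long inputs. */
uint32_t escaped_size_wrapped32(uint32_t len, uint32_t unacceptable) {
    return len + unacceptable * 2u + 1u;
}

/* Hardened form: same formula in size_t, with every step checked.
 * Returns 1 and stores the size in *out, or 0 if it would overflow. */
int escaped_size_checked(size_t len, size_t unacceptable, size_t *out) {
    if (unacceptable > (SIZE_MAX - 1) / 2) return 0;
    size_t extra = unacceptable * 2 + 1;   /* 2 extra bytes per escape, plus NUL */
    if (len > SIZE_MAX - extra) return 0;
    *out = len + extra;
    return 1;
}

/* Assumed acceptable set for this example: RFC 3986 unreserved characters. */
static int acceptable(unsigned char c) {
    return isalnum(c) || (c != 0 && strchr("-._~", c) != NULL);
}

/* Percent-escape s into a new heap buffer; NULL on overflow or OOM. */
char *uri_escape_checked(const char *s) {
    static const char hex[] = "0123456789ABCDEF";
    size_t len = strlen(s), unacceptable = 0, size;
    for (size_t i = 0; i < len; i++)
        if (!acceptable((unsigned char)s[i])) unacceptable++;
    if (!escaped_size_checked(len, unacceptable, &size)) return NULL;
    char *out = malloc(size), *q = out;
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (acceptable(c)) { *q++ = (char)c; continue; }
        *q++ = '%'; *q++ = hex[c >> 4]; *q++ = hex[c & 15];
    }
    *q = '\0';
    return out;
}
```

In the 32-bit model, a string of 1431655766 unacceptable characters yields a computed size of 3 bytes, which is why the write loop runs far past the allocation; the checked version refuses the request instead.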
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| debian 14 | 2.86.3-1 | | |
| debian 13 | 2.84.4-3~deb13u2 | | |
| debian 11 | 2.66.8-1+deb11u7 | | |
| debian 12 | 2.74.6-2+deb12u8 | | |
| rpm rhel8 | 0:2.56.4-168.el8_10 | | |
| rpm rhel8.4 | 0:2.56.4-10.el8_4.4 | | |
| rpm rhel9 | 0:2.68.4-18.el9_7.1 | | |
| rpm rhel9.4 | 0:2.68.4-14.el9_4.5 | | |
| rpm rhel10 | 0:2.87.0-1.el10 | | |
| rpm rhel8 | - | - |