Fluid Attacks Database

Description

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	glib2.0	=2.66.8-1 \|\| >=0 <2.66.8-1+deb11u1	2.66.8-1+deb11u1
debian 12	glib2.0	>=0 <2.74.4-1	2.74.4-1
debian 13	glib2.0	>=0 <2.74.4-1	2.74.4-1
debian 14	glib2.0	>=0 <2.74.4-1	2.74.4-1
rpm rhel7	glib2	-	-
rpm rhel9	glib2	<0:2.68.4-11.el9	0:2.68.4-11.el9
rpm rhel8	glib2	-	-
rpm rhel6	glib2	-	-
rpm rhel9	mingw-glib2	<0:2.78.0-1.el9	0:2.78.0-1.el9

Aliases

1. CVE-2023-326652. NVD-2023-326653. OSV-DEBIAN-2023-326654. OSV-2023-326655. SECURITY-TRACKER-CVE-2023-32665

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.