Vulnerabilities > CVE-2021-27219 - Incorrect Conversion between Numeric Types vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://gitlab.gnome.org/GNOME/glib/-/issues/2319
- https://security.netapp.com/advisory/ntap-20210319-0004/
- https://security.gentoo.org/glsa/202107-13
- https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/