AZL-28778

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-28778.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-28778

Upstream

CVE-2023-32636

Published

2023-09-14T20:15:09Z

Modified

2026-04-01T05:09:49.121377Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-32636 affecting package glib for versions less than 2.71.0-4

Details

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-32636

Affected packages

Azure Linux:2 / glib

Package

Name: glib
Purl: pkg:rpm/azure-linux/glib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.71.0-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-28778.json"