CVE-2021-27218

NameCVE-2021-27218
DescriptionAn issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs982779

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glib2.0 (PTS)stretch2.50.3-2+deb9u2vulnerable
buster2.58.3-2+deb10u2vulnerable
bullseye, sid2.66.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glib2.0source(unstable)2.66.7-1982779

Notes

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942

Search for package or bug name: Reporting problems