Vulnerability CVE-2021-27218

Vulnerability Name:

CVE-2021-27218 (CCN-196784)

Assigned:

2021-02-04

Published:

2021-02-04

Updated:

2022-12-07

Summary:

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-27218

Source: XF
Type: UNKNOWN
glib-cve202127218-dos(196784)

Source: CCN
Type: GLib GIT Repository
CVE-2021-27218: gbytearray: Do not accept too large byte arrays

Source: cve@mitre.org
Type: Patch, Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6493729 (Cloud Pak for Security)
Cloud Pak for Security is vulnerable to several CVEs

Source: CCN
Type: IBM Security Bulletin 6518308 (Hardware Management Console)
Vulnerability in glib2 (CVE-2021-27218 and CVE-2021-27219) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6526532 (App Connect Professional)
App Connect Professional is affected by GNU C Library vulnerability.

Source: CCN
Type: IBM Security Bulletin 6538418 (Security Verify Access)
Multiple Security Vulnerabilities fixed in IBM Security Verify Access

Source: CCN
Type: IBM Security Bulletin 6541298 (Cloud Pak for Automation)
Multiple security vulnerabilities fixed in Cloud Pak for Automation components

Source: CCN
Type: IBM Security Bulletin 6560126 (Sterling Connect:Direct for UNIX Certified Container)
IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

Source: CCN
Type: IBM Security Bulletin 6574787 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnome:glib:2.66.0:*:*:*:*:*:*:*

OR cpe:/a:gnome:glib:2.67.0:*:*:*:*:*:*:*

OR cpe:/a:gnome:glib:2.67.1:*:*:*:*:*:*:*

OR cpe:/a:gnome:glib:2.67.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:hardware_management_console:9.2.950.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7509	P	glib2-devel-2.70.5-150400.3.8.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3580	P	libcairo-gobject2-1.15.2-25.3.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2934	P	glib2-devel-2.70.4-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94692	P	libprocps7-3.3.15-7.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94564	P	glib2-devel-2.70.4-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:67	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:102235	P	Security update for libslirp (Low)	2022-04-24
oval:org.opensuse.security:def:99219	P	(Important)	2022-03-04
oval:org.opensuse.security:def:996	P	Security update for containerd, docker (Moderate)	2022-02-04
oval:org.opensuse.security:def:112296	P	gio-branding-upstream-2.68.4-2.2 on GA media (Moderate)	2022-01-17
oval:com.redhat.rhsa:def:20214526	P	RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important)	2021-11-09
oval:org.opensuse.security:def:105819	P	gio-branding-upstream-2.68.4-2.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:99417	P	(Important)	2021-09-23
oval:com.redhat.rhsa:def:20213058	P	RHSA-2021:3058: glib2 security update (Moderate)	2021-08-10
oval:org.opensuse.security:def:101405	P	subversion-server-1.10.6-3.15.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62085	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71826	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100843	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99024	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:9667	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92666	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:69807	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:99815	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:93330	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:8913	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92074	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:97328	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:9866	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92865	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:70006	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:100127	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:9108	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92269	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:10224	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:93024	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:70364	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:9470	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92467	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:69610	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:99616	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:10417	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:93177	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:8720	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:70557	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:33785	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:28953	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:57568	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:86209	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:51181	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:81120	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31745	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:59866	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:88583	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:23762	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:55309	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:84284	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:5198	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34043	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:29486	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:58097	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:86738	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:51750	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:82160	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:125673	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:60480	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:89263	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:24040	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:55864	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:84742	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:5979	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34657	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:30041	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:58920	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:87561	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:21426	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:52028	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:82693	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:126839	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:33097	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:61113	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:89521	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:26211	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:57181	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:85822	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:6320	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:35290	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31358	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:59608	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:88266	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:23193	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:54776	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:83248	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:127236	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:111261	P	Security update for glib2 (Important)	2021-03-14
oval:org.opensuse.security:def:108071	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:117585	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:97286	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:100382	P	(Important)	2021-03-12
oval:org.opensuse.security:def:64669	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:108901	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:73791	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:100715	P	(Important)	2021-03-12
oval:org.opensuse.security:def:67063	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:42158	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:5974	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:76131	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:95522	P	Security update for glib2 (Important)	2021-03-12

BACK