Vulnerability CVE-2021-27219

Vulnerability Name:

CVE-2021-27219 (CCN-196782)

Assigned:

2021-02-04

Published:

2021-02-04

Updated:

2022-12-07

Summary:

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

9.8 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-27219

Source: XF
Type: UNKNOWN
glib-cve202127219-dos(196782)

Source: CCN
Type: GNOME Gitlab Repository
Merge branch '2319-memdup' into 'master'

Source: CCN
Type: GNOME Gitlab Repository
Merge branch 'backport-1926-memdup-glib-2-66' into 'glib-2-66'

Source: CCN
Type: GLib GIT Repository
CVE-2021-27219 (GHSL-2021-045): integer overflow in g_bytes_new/g_memdup

Source: cve@mitre.org
Type: Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6476210 (Elastic Storage Server)
glibc vulnerability affects IBM Elastic Storage System (CVE-2021-27219)

Source: CCN
Type: IBM Security Bulletin 6493729 (Cloud Pak for Security)
Cloud Pak for Security is vulnerable to several CVEs

Source: CCN
Type: IBM Security Bulletin 6508583 (Rational DOORS Next Generation)
Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6518308 (Hardware Management Console)
Vulnerability in glib2 (CVE-2021-27218 and CVE-2021-27219) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6520674 (QRadar SIEM)
IBM QRadar SIEM Application Framework v1 (CentOS6) is End of Life

Source: CCN
Type: IBM Security Bulletin 6526532 (App Connect Professional)
App Connect Professional is affected by GNU C Library vulnerability.

Source: CCN
Type: IBM Security Bulletin 6538418 (Security Verify Access)
Multiple Security Vulnerabilities fixed in IBM Security Verify Access

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:rhel_els:6:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnome:glib:2.66.0:*:*:*:*:*:*:*

OR cpe:/a:gnome:glib:2.67.0:*:*:*:*:*:*:*

OR cpe:/a:gnome:glib:2.67.1:*:*:*:*:*:*:*

OR cpe:/a:gnome:glib:2.67.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_server:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_next_generation:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:hardware_management_console:9.2.950.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7509	P	glib2-devel-2.70.5-150400.3.8.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3580	P	libcairo-gobject2-1.15.2-25.3.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94692	P	libprocps7-3.3.15-7.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94564	P	glib2-devel-2.70.4-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2934	P	glib2-devel-2.70.4-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:67	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:102235	P	Security update for libslirp (Low)	2022-04-24
oval:org.opensuse.security:def:99219	P	(Important)	2022-03-04
oval:org.opensuse.security:def:996	P	Security update for containerd, docker (Moderate)	2022-02-04
oval:org.opensuse.security:def:112296	P	gio-branding-upstream-2.68.4-2.2 on GA media (Moderate)	2022-01-17
oval:com.redhat.rhsa:def:20214526	P	RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important)	2021-11-09
oval:org.opensuse.security:def:105819	P	gio-branding-upstream-2.68.4-2.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:99417	P	(Important)	2021-09-23
oval:org.opensuse.security:def:101405	P	subversion-server-1.10.6-3.15.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100843	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62085	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71826	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2021-08-09
oval:com.redhat.rhsa:def:20212467	P	RHSA-2021:2467: glib2 security update (Important)	2021-06-17
oval:com.redhat.rhsa:def:20212170	P	RHSA-2021:2170: glib2 security and bug fix update (Important)	2021-06-01
oval:com.redhat.rhsa:def:20212147	P	RHSA-2021:2147: glib2 security update (Important)	2021-05-31
oval:org.opensuse.security:def:9108	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92269	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:97328	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:10224	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:93024	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:70364	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:9470	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92467	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:69610	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:99616	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:10417	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:93177	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:8720	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:70557	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:99024	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:9667	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92666	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:69807	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:99815	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:93330	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:8913	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92074	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:9866	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:92865	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:70006	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:100127	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:60480	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:89263	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:24040	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:55864	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:84742	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:5979	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34657	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:30041	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:58920	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:87561	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:21426	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:52028	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:82693	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:126839	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:33097	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:61113	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:89521	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:26211	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:57181	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:85822	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:6320	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:35290	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31358	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:59608	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:88266	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:23193	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:54776	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:83248	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:127236	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:33785	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:28953	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:57568	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:86209	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:51181	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:81120	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31745	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:59866	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:88583	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:23762	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:55309	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:84284	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:5198	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:34043	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:29486	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:58097	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:86738	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:51750	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:82160	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:125673	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:111261	P	Security update for glib2 (Important)	2021-03-14
oval:org.opensuse.security:def:73791	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:100715	P	(Important)	2021-03-12
oval:org.opensuse.security:def:67063	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:42158	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:5974	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:76131	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:95522	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:108071	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:117585	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:100382	P	(Important)	2021-03-12
oval:org.opensuse.security:def:64669	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:108901	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:97286	P	Security update for glib2 (Important)	2021-03-12

BACK