CVE-2021-27218

moderate-risk

Published 2021-02-15

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

Do I need to act?

5.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (8)

Glib

Fedora

Active Iq Unified Manager

Cloud Backup

E-Series Performance Analyzer

Brocade Fabric Operating System Firmware

Debian Linux

Affected Vendors

Debian Broadcom Gnome Fedoraproject Netapp

References (20)

Patch https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942

Patch https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3...

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8...

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430...

Mailing List https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/202107-13

Third Party Advisory https://security.netapp.com/advisory/ntap-20210319-0004/