Skip to main content

Glib CVE-2021-27218

HIGH
Incorrect Conversion between Numeric Types (CWE-681)
2021-02-15 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 15, 2021 - 17:15 nvd
HIGH 7.5

DescriptionNVD

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

AnalysisAI

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-681. An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. Affected products include: Gnome Glib, Fedoraproject Fedora, Netapp Active Iq Unified Manager, Netapp Cloud Backup, Netapp E-Series Performance Analyzer. Version information: before 2.66.7.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Glib

View all
CVE-2024-52533 CRITICAL POC
9.8 Nov 11

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CON

CVE-2018-16428 CRITICAL POC
9.8 Sep 04

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. Rated critical sev

CVE-2020-35457 HIGH POC
7.8 Dec 14

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entri

CVE-2025-13601 HIGH POC
7.7 Nov 26

Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and

CVE-2021-27219 HIGH POC
7.5 Feb 15

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulne

CVE-2018-16429 HIGH POC
7.5 Sep 04

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf

CVE-2020-6750 MEDIUM POC
5.9 Jan 09

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting v

CVE-2025-14087 CRITICAL
9.8 Dec 10

Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVarian

CVE-2019-12450 CRITICAL
9.8 May 29

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while

CVE-2021-28153 MEDIUM POC
5.3 Mar 11

An issue was discovered in GNOME GLib before 2.66.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely ex

CVE-2024-34397 MEDIUM POC
5.2 May 07

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.

CVE-2026-58016 CRITICAL
9.1 Jun 30

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-B

Share

CVE-2021-27218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy