Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Out-of-bounds read causes a crash (A:H) with at most limited memory exposure (C:L, not H); reachable without auth or interaction where an app parses untrusted introspection XML, hence AV:N/AC:L/PR:N/UI:N.
Primary rating from Vendor (redhat).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
7DescriptionNVD
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
AnalysisAI
Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target application or service call g_dbus_node_info_new_for_xml() (or equivalent GDBusNodeInfo XML parsing) on introspection XML the attacker can control or influence, and that XML must specifically nest a <node> element inside a <method>, <signal>, <property>, or <arg> element to trigger the state confusion. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals conflict and warrant scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker supplies a crafted D-Bus introspection XML document containing a <node> element nested inside a <method> or <arg> to a target application or service that calls g_dbus_node_info_new_for_xml(). The parser's integer counter wraps, an out-of-bounds read follows, and the process crashes, denying service. … |
| Remediation | Vendor-released patch: upgrade GLib to 2.88.1 or later, which corrects the state-confusion handling of nested <node> elements. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems and applications using GLib versions prior to 2.88.1, including production services, containerized workloads, and embedded systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Enterprise Linux
View allSudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot opti
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), t
A heap-based buffer overflow flaw was found in the rsync daemon. Rated critical severity (CVSS 9.8), this vulnerability
Stack-based buffer overflow in libxml2's xmlBuildQName function allows remote unauthenticated attackers to crash affecte
Server-to-client path traversal in rsync lets a malicious or compromised rsync server write files outside the client's i
A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no auth
A flaw was found in xfig. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit co
CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that lea
A flaw was found in Yelp. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication
A flaw was found in libsoup. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authenticati
A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authenticati
Same weakness CWE-191 – Integer Underflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40319
GHSA-8rpw-4xx7-27w7