Discovery
Monthly
A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.
A flaw was found in rsync. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.
A flaw was found in rsync. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.