N/A

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

未加控制的资源消耗(资源穷尽)

glib2 资源管理错误漏洞

glib2是GNOME项目的一个通用的、可移植的实用程序库。提供了许多有用的数据类型、宏、类型转换、字符串实用程序、文件实用程序、主循环抽象等。 glib2 存在资源管理错误漏洞， 该漏洞源于fuzz_variant_text 对偏移表有效性进行了新的额外检查，导致超时。

N/A

N/A