VulnerableCode Package Details - pkg:deb/ubuntu/glib2.0@2.63.1-2ubuntu1

Search for packages

Package details: pkg:deb/ubuntu/glib2.0@2.63.1-2ubuntu1

Essentials
History (0)

purl	pkg:deb/ubuntu/glib2.0@2.63.1-2ubuntu1

Next non-vulnerable version	2.64.6-1~ubuntu20.04.4
Latest non-vulnerable version	2.64.6-1~ubuntu20.04.4
Risk	4.4

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-31vp-bd65-aaaa Aliases: CVE-2021-27219 GHSL-2021-045	An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.	2.64.6-1~ubuntu20.04.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-38zg-dgk4-aaac Aliases: CVE-2021-28153	An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)	2.64.6-1~ubuntu20.04.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dh4p-ygqy-aaak Aliases: CVE-2021-3800	CVE-2021-3800 glib2: Possible privilege escalation thourgh pkexec and aliases	2.64.6-1~ubuntu20.04.4 Affected by 0 other vulnerabilities.
VCID-gq67-5cnu-aaam Aliases: CVE-2021-27218	An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.	2.64.6-1~ubuntu20.04.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zyf2-q3u4-aaae Aliases: CVE-2020-6750	GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.	2.64.1-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version