CVE-2021-27219 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Vendor	Product	Version
gnome	glib	𝑥 < 2.66.6
gnome	glib	2.67.0 ≤ 𝑥 < 2.67.3
netapp	active_iq_unified_manager	-
netapp	cloud_backup	-
netapp	e-series_performance_analyzer	-
broadcom	brocade_fabric_operating_system_firmware	-
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

glib2.0

bullseye	2.66.8-1+deb11u4 fixed
bullseye (security)	2.66.8-1+deb11u3 fixed
bookworm	2.74.6-2+deb12u3 fixed
bookworm (security)	2.74.6-2+deb12u2 fixed
sid	2.82.2-2 fixed
trixie	2.82.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

glib2.0

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	Fixed 2.66.1-2ubuntu0.1 released
focal	Fixed 2.64.6-1~ubuntu20.04.2 released
bionic	Fixed 2.56.4-0ubuntu0.18.04.7 released
xenial	Fixed 2.48.2-0ubuntu4.7 released
trusty	needed

Known Exploits!

Common Weakness Enumeration

CWE-681 - Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References

https://gitlab.gnome.org/GNOME/glib/-/issues/2319

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/

https://security.gentoo.org/glsa/202107-13

https://security.netapp.com/advisory/ntap-20210319-0004/

https://gitlab.gnome.org/GNOME/glib/-/issues/2319

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/

https://security.gentoo.org/glsa/202107-13

https://security.netapp.com/advisory/ntap-20210319-0004/