A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | glib2-0:2.80.4-4.el10_0.6 | * |
| Red Hat Enterprise Linux 8 | RedHat | glib2-0:2.56.4-166.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | glib2-0:2.56.4-8.el8_2.2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | glib2-0:2.56.4-10.el8_4.2 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | glib2-0:2.56.4-10.el8_4.2 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | glib2-0:2.56.4-158.el8_6.2 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | glib2-0:2.56.4-158.el8_6.2 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | glib2-0:2.56.4-158.el8_6.2 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | glib2-0:2.56.4-162.el8_8 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | glib2-0:2.56.4-162.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | glib2-0:2.68.4-16.el9_6.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | glib2-0:2.68.4-16.el9_6.2 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | glib2-0:2.68.4-5.el9_0.2 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | glib2-0:2.68.4-7.el9_2.2 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | glib2-0:2.68.4-14.el9_4.3 | * |
| Red Hat Insights proxy 1.5 | RedHat | insights-proxy/insights-proxy-container-rhel9:sha256:e54a5a5f9d69dd6a03e2bcd845e2202910a188d266d4a79b12c387ceffc36f2d | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-agent-rhel8:sha256:6a121606c51dfdbc691ede3d4ba9e97f7e200ae422fef0802a579c601b1b3ee6 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-all-in-one-rhel8:sha256:d9ca4a9ec5bc8de23e4550387f822f19949cdfbc4aeeab20e07b206d92f4a426 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-collector-rhel8:sha256:438037a860968172a29c12ef14353081a5fd45ffe2e5dcccd3ab5486a5824578 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-es-index-cleaner-rhel8:sha256:d0ee4c371754848f57e6b7c5fcf716a7d830cd72b65b8aeb30e78a8e26b40548 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-es-rollover-rhel8:sha256:57d3bf93431295f0d3c8747fe376cdb0a06dc344dd1d6b0c838f732bd920c73e | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-ingester-rhel8:sha256:1784f71c94bd42380b88033411db9bb912ad2f321a8a6d8d7c49e029263ef714 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-operator-bundle:sha256:be3feca3b19ac609e5ef829887b6d03ca3c504163ed0f9e10b2410cdfb175b72 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-query-rhel8:sha256:03f040cf94f7d8125f2e68bde45faa956dc9e70fef6307313e42af5de9bbfda0 | * |
| Red Hat OpenShift distributed tracing 3.6.1 | RedHat | rhosdt/jaeger-rhel8-operator:sha256:6f3b7f23a515ac140bdad844d60d96fecc79835a75b1d29a70f66df737f1b50c | * |
| Glib2.0 | Ubuntu | esm-infra/focal | * |
| Glib2.0 | Ubuntu | focal | * |
| Glib2.0 | Ubuntu | jammy | * |
| Glib2.0 | Ubuntu | noble | * |
| Glib2.0 | Ubuntu | oracular | * |
| Glib2.0 | Ubuntu | plucky | * |
| Glib2.0 | Ubuntu | upstream | * |