{"id":"CVE-2023-32636","details":"A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.","modified":"2026-03-14T12:05:27.867739Z","published":"2023-09-14T20:15:09.653Z","related":["ALSA-2024:2528","SUSE-SU-2023:3535-1"],"references":[{"type":"WEB","url":"https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231110-0002/"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2841"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/glib","events":[{"introduced":"0"},{"fixed":"e35768fe299d6389f8f5eef15593762389d2c07d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.74.4"}]}}],"versions":["2.20.0","2.20.1","2.21.1","2.21.2","2.21.3","2.21.4","2.21.5","2.21.6","2.22.0","2.22.2","2.23.0","2.23.1","2.23.2","2.23.3","2.23.4","2.23.5","2.23.6","2.24.0","2.25.0","2.25.10","2.25.11","2.25.12","2.25.13","2.25.14","2.25.15","2.25.2","2.25.3","2.25.4","2.25.5","2.25.6","2.25.8","2.25.9","2.27.0","2.27.1","2.27.2","2.27.3","2.27.5","2.27.90","2.27.91","2.27.92","2.27.93","2.28.0","2.29.10","2.29.12","2.29.14","2.29.16","2.29.18","2.29.2","2.29.4","2.29.6","2.29.8","2.29.90","2.31.0","2.31.10","2.31.12","2.31.14","2.31.16","2.31.18","2.31.2","2.31.20","2.31.22","2.31.4","2.31.6","2.31.8","2.32.0","2.32.1","2.33.1","2.33.10","2.33.12","2.33.14","2.33.2","2.33.3","2.33.4","2.33.6","2.33.8","2.34.0","2.35.1","2.35.2","2.35.3","2.35.4","2.35.6","2.35.7","2.35.8","2.35.9","2.36.0","2.37.0","2.37.1","2.37.2","2.37.3","2.37.4","2.37.5","2.37.6","2.37.7","2.37.92","2.37.93","2.38.0","2.39.0","2.39.1","2.39.2","2.39.3","2.39.4","2.39.90","2.39.91","2.39.92","2.41.1","2.41.2","2.41.3","2.41.4","2.41.5","2.42.0","2.43.0","2.43.1","2.43.2","2.43.3","2.43.4","2.43.90","2.43.91","2.43.92","2.45.1","2.45.2","2.45.3","2.45.4","2.45.5","2.45.6","2.45.7","2.45.8","2.46.0","2.47.1","2.47.2","2.47.3","2.47.4","2.47.5","2.47.6","2.47.92","2.48.0","2.49.1","2.49.2","2.49.3","2.49.4","2.49.5","2.49.6","2.49.7","2.50.0","2.50.1","2.51.0","2.51.1","2.51.2","2.51.3","2.51.4","2.51.5","2.52.0","2.53.1","2.53.2","2.53.3","2.53.4","2.53.5","2.53.6","2.53.7","2.54.0","2.55.0","2.55.1","2.56.0","2.57.1","2.57.2","2.57.3","2.58.0","2.59.0","2.59.1","2.59.2","2.59.3","2.60.0","2.61.0","2.61.1","2.61.2","2.61.3","2.62.0","2.63.0","2.63.1","2.63.2","2.63.3","2.63.4","2.63.5","2.63.6","2.64.0","2.65.0","2.65.1","2.65.2","2.65.3","2.66.0","2.67.0","2.67.1","2.67.2","2.67.3","2.67.4","2.67.5","2.67.6","2.68.0","2.69.0","2.69.1","2.69.2","2.69.3","2.70.0","2.71.0","2.71.1","2.71.2","2.71.3","2.72.0","2.73.0","2.73.1","2.73.2","2.73.3","2.74.0","2.74.1","2.74.2","2.74.3","FOR_GNOME_0_99_1","GLIB_1_1_0","GLIB_1_1_1","GLIB_1_1_10","GLIB_1_1_11","GLIB_1_1_12","GLIB_1_1_13","GLIB_1_1_14","GLIB_1_1_15","GLIB_1_1_16","GLIB_1_1_2","GLIB_1_1_3","GLIB_1_1_3a","GLIB_1_1_4","GLIB_1_1_5","GLIB_1_1_6","GLIB_1_1_7","GLIB_1_1_8","GLIB_1_1_8a","GLIB_1_1_9","GLIB_1_2_0","GLIB_1_2_9PRE1","GLIB_1_3_0","GLIB_1_3_1","GLIB_1_3_10","GLIB_1_3_11","GLIB_1_3_12","GLIB_1_3_13","GLIB_1_3_14","GLIB_1_3_15","GLIB_1_3_2","GLIB_1_3_3","GLIB_1_3_4","GLIB_1_3_5","GLIB_1_3_6","GLIB_1_3_7","GLIB_1_3_8","GLIB_1_3_9","GLIB_2_0_0","GLIB_2_0_0_RC1","GLIB_2_0_1","GLIB_2_10_0","GLIB_2_10_1","GLIB_2_11_0","GLIB_2_11_1","GLIB_2_11_2","GLIB_2_11_3","GLIB_2_11_4","GLIB_2_12_0","GLIB_2_12_1","GLIB_2_12_2","GLIB_2_13_0","GLIB_2_13_1","GLIB_2_13_2","GLIB_2_13_3","GLIB_2_13_5","GLIB_2_13_6","GLIB_2_13_7","GLIB_2_14_0","GLIB_2_14_1","GLIB_2_14_2","GLIB_2_14_3","GLIB_2_15_1","GLIB_2_15_2","GLIB_2_15_3","GLIB_2_15_4","GLIB_2_15_5","GLIB_2_15_6","GLIB_2_16_1","GLIB_2_17_0","GLIB_2_17_1","GLIB_2_17_2","GLIB_2_17_3","GLIB_2_17_4","GLIB_2_17_5","GLIB_2_17_6","GLIB_2_17_7","GLIB_2_18_0","GLIB_2_18_1","GLIB_2_19_0","GLIB_2_19_1","GLIB_2_19_10","GLIB_2_19_2","GLIB_2_19_3","GLIB_2_19_4","GLIB_2_19_5","GLIB_2_19_6","GLIB_2_19_7","GLIB_2_19_8","GLIB_2_19_9","GLIB_2_1_3","GLIB_2_1_4","GLIB_2_1_5","GLIB_2_20_0","GLIB_2_2_0","GLIB_2_3_0","GLIB_2_3_1","GLIB_2_3_2","GLIB_2_3_3","GLIB_2_3_5","GLIB_2_3_6","GLIB_2_4_0","GLIB_2_4_1","GLIB_2_5_0","GLIB_2_5_1","GLIB_2_5_2","GLIB_2_5_3","GLIB_2_5_5","GLIB_2_5_6","GLIB_2_6_0","GLIB_2_6_1","GLIB_2_7_0","GLIB_2_7_1","GLIB_2_7_2","GLIB_2_7_3","GLIB_2_7_4","GLIB_2_7_5","GLIB_2_7_6","GLIB_2_7_7","GLIB_2_8_0","GLIB_2_8_1","GLIB_2_9_0","GLIB_2_9_1","GLIB_2_9_2","GLIB_2_9_3","GLIB_2_9_4","GLIB_2_9_5","GLIB_2_9_6","GLIB_GNOME_0_99_1","GLIB_VERSION_1_1_3","GNOME_PRINT_0_24","GOBJECT_GType_guint","GTK_2_5_4","GTK_2_7_4","GTK_ALL_1_3_6","PRE_CLEANUP","R_2_0_core","glib-2-0-branchpoint","glib-2-10-branchpoint","glib-2-12-branchpoint","glib-2-2-branchpoint","glib-2-4-branchpoint","glib-2-6-branchpoint","glib-2.25.7","gobject_0_10_0","gobject_0_9_0","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32636.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}