CVE-2023-32636
CVE Details
Visit the official vulnerability details page for CVE-2023-32636 to learn more.
Initial Publication
10/25/2024
Last Update
10/25/2024
Third Party Dependency
glib2
NIST CVE Summary
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
CVE Severity
Our Official Summary
This vulnerability is reported on several 3rd party images used by the product. We are waiting on an upstream fix from the vendor. If the vulnerability is exploited, impact is low for the products using these images.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.5.11 | Impacted | No Impact | Impacted | No Impact |
| 4.5.10 | Impacted | No Impact | Impacted | No Impact |
| 4.5.8 | Impacted | No Impact | Impacted | No Impact |
| 4.5.5 | Impacted | No Impact | Impacted | No Impact |
| 4.5.4 | Impacted | No Impact | Impacted | No Impact |
| 4.4.20 | Impacted | No Impact | Impacted | No Impact |
Revision History
| Date | Revision |
|---|---|
| 11/15/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 |
| 11/15/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 |
| 11/13/2024 | Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20 |
| 11/10/2024 | Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8 |
| 10/27/2024 | Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5 |