Impact
The vulnerability is an off-by-one error in the gvs_tuple_is_normal function of GLib's GVariant serialiser. An incorrect bounds check lets the function read a single byte past the end of the serialised buffer while it verifies the alignment padding of a tuple. The out-of-bounds read can disclose one byte of adjacent memory (a minor information leak), and when that byte lies on an unmapped page the access faults and the process crashes, giving denial of service. The weakness is a classic buffer over-read (CWE-126).
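The following C program is an added illustration of the bug class described above, not GLib's code: a toy padding check with the same shape of off-by-one (a `<=` loop bound and no check that the padded end fits inside the buffer) beside its hardened form. The structure, function names and the sample buffer are all hypothetical and constructed for the example. The backing array carries one extra byte beyond the logical size so the over-read can be observed without relying on undefined behaviour; it also shows why the leak is real in practice: the buggy check's verdict depends on a byte it should never have read.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of a serialised tuple: a body followed by zero padding up to
 * an alignment boundary, inside a buffer of logical size `size`.
 * Hypothetical code for illustration only; it is not GLib's serialiser. */
typedef struct {
    const uint8_t *data;
    size_t size;   /* logical length; reading data[size] is out of bounds */
} sbuf_t;

static size_t align_up(size_t n, size_t align) {
    return (n + align - 1) & ~(align - 1);   /* align must be a power of two */
}

/* Buggy variant: the loop bound uses '<=' and padded_end is never checked
 * against size, so the loop reads exactly one byte past the padding.
 * Every access at index >= size is counted in *past_end so the over-read is
 * observable (the sample buffer below has a spare backing byte there). */
static bool padding_is_zero_buggy(sbuf_t b, size_t body_end, size_t align, size_t *past_end) {
    size_t padded_end = align_up(body_end, align);
    for (size_t i = body_end; i <= padded_end; i++) {   /* off by one */
        if (i >= b.size) (*past_end)++;
        if (b.data[i] != 0) return false;
    }
    return true;
}

/* Fixed variant: reject any range that does not fit inside the buffer
 * before touching memory, then iterate with a strict '<' bound. */
static bool padding_is_zero_fixed(sbuf_t b, size_t body_end, size_t align, size_t *past_end) {
    size_t padded_end = align_up(body_end, align);
    if (body_end > b.size || padded_end > b.size) return false;
    for (size_t i = body_end; i < padded_end; i++) {
        if (i >= b.size) (*past_end)++;                 /* never true here */
        if (b.data[i] != 0) return false;
    }
    return true;
}

/* Constructed sample: 5 body bytes, 3 zero padding bytes (logical size 8),
 * plus one backing byte at index 8 standing in for whatever happens to
 * follow the buffer in memory. */
static const uint8_t sample_backing[9] = { 1, 2, 3, 4, 5, 0, 0, 0, 0xAA };
enum { SAMPLE_BODY_END = 5, SAMPLE_ALIGN = 8, SAMPLE_SIZE = 8 };

/* How many bytes the buggy check read at or beyond the logical end. */
size_t buggy_past_end_reads(void) {
    sbuf_t b = { sample_backing, SAMPLE_SIZE };
    size_t past = 0;
    padding_is_zero_buggy(b, SAMPLE_BODY_END, SAMPLE_ALIGN, &past);
    return past;
}

/* The buggy verdict depends on the out-of-bounds byte: a non-zero byte
 * after the buffer turns perfectly valid padding into "not normal". */
bool buggy_verdict(void) {
    sbuf_t b = { sample_backing, SAMPLE_SIZE };
    size_t past = 0;
    return padding_is_zero_buggy(b, SAMPLE_BODY_END, SAMPLE_ALIGN, &past);
}

size_t fixed_past_end_reads(void) {
    sbuf_t b = { sample_backing, SAMPLE_SIZE };
    size_t past = 0;
    padding_is_zero_fixed(b, SAMPLE_BODY_END, SAMPLE_ALIGN, &past);
    return past;
}

bool fixed_verdict(void) {
    sbuf_t b = { sample_backing, SAMPLE_SIZE };
    size_t past = 0;
    return padding_is_zero_fixed(b, SAMPLE_BODY_END, SAMPLE_ALIGN, &past);
}

/* A truncated buffer whose padding does not fit is rejected before any read. */
bool fixed_rejects_truncated(void) {
    sbuf_t b = { sample_backing, 7 };   /* claims only 7 bytes */
    size_t past = 0;
    bool ok = padding_is_zero_fixed(b, SAMPLE_BODY_END, SAMPLE_ALIGN, &past);
    return !ok && past == 0;
}

int main(void) {
    printf("buggy: verdict=%d, past-end reads=%zu\n", buggy_verdict(), buggy_past_end_reads());
    printf("fixed: verdict=%d, past-end reads=%zu\n", fixed_verdict(), fixed_past_end_reads());
    printf("fixed rejects truncated buffer: %d\n", fixed_rejects_truncated());
    return 0;
}
```

The point the toy makes is that a one-byte over-read is not only a crash risk: because the verdict of an "is normal" check flips on the value of the stray byte, a caller that reports that verdict (or behaves observably differently on it) leaks information about memory it does not own. In real code the spare backing byte does not exist, so the same read either returns a neighbouring allocation's byte or, at a page edge, faults.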
Affected Systems
Red Hat Enterprise Linux 6 through 10 and the Hummingbird hardened images are affected, as is GNOME's upstream GLib package, because all of them ship a GLib build that contains the vulnerable code. The issue is present in the GLib versions built for these operating systems and is confined to the glib/gvariant-serialiser.c module of the package.
Risk and Exploitability
The CVSS base score of 6.5 places the issue at medium severity. No EPSS score is available, so the probability of exploitation in the wild is unknown. The attack vector is local or remote depending on how the vulnerable function is exposed: any code path that parses untrusted serialised GVariant data can reach it, and GVariant is also the payload format of GDBus messages, so services that accept D-Bus traffic from untrusted peers are one plausible remote exposure. Because an attacker who controls the input can trigger both the memory disclosure and the crash, the flaw deserves timely mitigation. Red Hat has not yet released a patch or a workable workaround, and the vulnerability is not listed in the CISA KEV catalog.
OpenCVE Enrichment