Regarding "CVE-2023-29499) GVariant offset table entry size is not checked in is_normal()"

Regarding the below issue discussion,

:ink - (CVE-2023-29499) GVariant offset table entry size is not checked in is_normal() (#2794) · Issues · GNOME / GLib · GitLab

Query,
What do we mean by “untrusted GVariant input”, I read on a post that dbus will not be affected since it only affects untrusted variant input.
Can anyone maybe help with an example or information to understand better ?

Is it possible to give a much more detailed explanation? As the term “untrusted input” seems
generic.

GVariant is a library API. Application developers can do anything with it. For example, you could design a client/server network API where client applications send GVariants to the server. Concrete example: eos-event-recorder-daemon sends GVariants to azafea-metrics-proxy.

As for D-Bus, I don’t myself understand the impact on D-Bus. Message brokers (dbus-daemon and dbus-broker) do not use GVariant, but GDBus certainly does. However, I do not know whether GDBus is vulnerable or not.

Lastly, reminder: there are more denial of service issues in GVariant, which have not been debugged or even reported yet. These older CVEs are not the last of them.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.