Vulnerability-Lookup

WID-SEC-W-2024-1437

Vulnerability from csaf_certbund - Published: 2024-06-24 22:00 - Updated: 2025-04-07 22:00

Summary

Dell integrated Dell Remote Access Controller: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der integrierte Dell Remote Access Controller (iDRAC) ermöglicht eine Out-of-Band-Verwaltung auf bestimmten Dell-Servern.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Dell integrated Dell Remote Access Controller ausnutzen, um einen Denial of Service Angriff oder einen nicht spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2023-29499

CVE-2024-38433

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://www.dell.com/support/kbdoc/de-de/00022635…	external
	https://www.dell.com/support/kbdoc/de-de/00022635…	external
	https://www.dell.com/support/kbdoc/de-de/00030493…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der integrierte Dell Remote Access Controller (iDRAC) erm\u00f6glicht eine Out-of-Band-Verwaltung auf bestimmten Dell-Servern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Dell integrated Dell Remote Access Controller ausnutzen, um einen Denial of Service Angriff oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1437 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1437.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1437 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1437"
      },
      {
        "category": "external",
        "summary": "Dell Security Update for iDRAC9 vom 2024-06-24",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226353/dsa-2024-223-security-update-for-dell-idrac9-vulnerability"
      },
      {
        "category": "external",
        "summary": "Dell Security Update for iDRAC9 vom 2024-06-24",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226356/dsa-2024-286-security-update-for-dell-idrac9-vulnerability"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-167 vom 2025-04-07",
        "url": "https://www.dell.com/support/kbdoc/de-de/000304933/dsa-2025-167-security-update-for-dell-avamar-data-store-gen5a-multiple-third-party-component-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell integrated Dell Remote Access Controller: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-07T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-08T11:48:16.074+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-1437",
      "initial_release_date": "2024-06-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-04-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Gen5a \u003cHotfix 338868",
                "product": {
                  "name": "Dell Avamar Gen5a \u003cHotfix 338868",
                  "product_id": "T042429"
                }
              },
              {
                "category": "product_version",
                "name": "Gen5a Hotfix 338868",
                "product": {
                  "name": "Dell Avamar Gen5a Hotfix 338868",
                  "product_id": "T042429-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:avamar:gen5a__hotfix_338868"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Avamar"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.00.00.172",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller \u003c7.00.00.172",
                  "product_id": "T035628"
                }
              },
              {
                "category": "product_version",
                "name": "7.00.00.172",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller 7.00.00.172",
                  "product_id": "T035628-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:idrac:7.00.00.172"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.10.50.00",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller \u003c7.10.50.00",
                  "product_id": "T035629"
                }
              },
              {
                "category": "product_version",
                "name": "7.10.50.00",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller 7.10.50.00",
                  "product_id": "T035629-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:idrac:7.10.50.00"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.00.00.171",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller \u003c7.00.00.171",
                  "product_id": "T035630"
                }
              },
              {
                "category": "product_version",
                "name": "7.00.00.171",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller 7.00.00.171",
                  "product_id": "T035630-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:idrac:7.00.00.171"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.10.30.00",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller \u003c7.10.30.00",
                  "product_id": "T035631"
                }
              },
              {
                "category": "product_version",
                "name": "7.10.30.00",
                "product": {
                  "name": "Dell integrated Dell Remote Access Controller 7.10.30.00",
                  "product_id": "T035631-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:idrac:7.10.30.00"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "integrated Dell Remote Access Controller"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-29499",
      "product_status": {
        "known_affected": [
          "T035629",
          "T035628",
          "T042429",
          "T035631",
          "T035630"
        ]
      },
      "release_date": "2024-06-24T22:00:00.000+00:00",
      "title": "CVE-2023-29499"
    },
    {
      "cve": "CVE-2024-38433",
      "product_status": {
        "known_affected": [
          "T035629",
          "T035628",
          "T042429",
          "T035631",
          "T035630"
        ]
      },
      "release_date": "2024-06-24T22:00:00.000+00:00",
      "title": "CVE-2024-38433"
    }
  ]
}

CVE-2024-38433 (GCVE-0-2024-38433)

Vulnerability from cvelistv5 – Published: 2024-07-11 07:50 – Updated: 2024-08-02 04:12

Title

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness

Summary

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-305 - Authentication Bypass by Primary Weakness

Assigner

INCD

References

URL

Tags

https://www.gov.il/en/Departments/faq/cve_advisories

Impacted products

	Vendor	Product	Version
	Nuvoton	NPCM7xx (Poleg) BootBlock	Affected: All versions , < v10.10.19 (custom)

Date Public ?

2024-07-11 07:45

Credits

Ferdinand Nölscher of Google's OTS-HS Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:nuvoton:npcm7xx_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "npcm7xx_firmware",
            "vendor": "nuvoton",
            "versions": [
              {
                "lessThan": "v10.10.19",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38433",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T14:42:53.159606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T14:42:56.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:24.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NPCM7xx (Poleg) BootBlock",
          "vendor": "Nuvoton",
          "versions": [
            {
              "lessThan": "v10.10.19",
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ferdinand N\u00f6lscher of Google\u0027s OTS-HS Team"
        }
      ],
      "datePublic": "2024-07-11T07:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003ch3\u003eNuvoton - CWE-305: Authentication Bypass by Primary Weakness\u003c/h3\u003e\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\u003cp\u003e\u003c/p\u003e\u003cp\u003ereference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\u003c/p\u003e\u003cp\u003eexecution.\u003c/p\u003e\n\n"
            }
          ],
          "value": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-11T07:50:45.579Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to v10.10.19\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "Upgrade to v10.10.19"
        }
      ],
      "source": {
        "advisory": "ILVN-2024-0171",
        "discovery": "UNKNOWN"
      },
      "title": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2024-38433",
    "datePublished": "2024-07-11T07:50:45.579Z",
    "dateReserved": "2024-06-16T08:00:52.285Z",
    "dateUpdated": "2024-08-02T04:12:24.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29499 (GCVE-0-2023-29499)

Vulnerability from cvelistv5 – Published: 2023-09-14 19:06 – Updated: 2025-12-18 15:23

Title

Gvariant offset table entry size is not checked in is_normal()

Summary

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2023-29499	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2211828	issue-trackingx_refsource_REDHAT
	https://gitlab.gnome.org/GNOME/glib/-/issues/2794
	https://lists.debian.org/debian-lts-announce/2023…
	https://security.netapp.com/advisory/ntap-2023110…
	https://security.gentoo.org/glsa/202311-18

Impacted products

Vendor

Product

Version

n/a

glib2

Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Fedora	Extra Packages for Enterprise Linux
Fedora	Fedora 37
Fedora	Fedora 38
Fedora	Fedora 38
Fedora	Fedora 37

Date Public ?

2022-12-14 00:00

Credits

Upstream acknowledges William Manley as the original reporter.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-29499"
          },
          {
            "name": "RHBZ#2211828",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-18"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29499",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T15:23:31.856597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:23:36.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "glib2",
          "vendor": "n/a"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "glib",
          "product": "Extra Packages for Enterprise Linux",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Fedora 37",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Fedora 38",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Fedora 38",
          "vendor": "Fedora"
        },
        {
          "collectionURL": "https://packages.fedoraproject.org/",
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Fedora 37",
          "vendor": "Fedora"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Upstream acknowledges William Manley as the original reporter."
        }
      ],
      "datePublic": "2022-12-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-27T14:06:16.355Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-29499"
        },
        {
          "name": "RHBZ#2211828",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-18"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-24T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2022-12-14T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Gvariant offset table entry size is not checked in is_normal()",
      "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-29499",
    "datePublished": "2023-09-14T19:06:17.810Z",
    "dateReserved": "2023-05-30T11:48:42.094Z",
    "dateUpdated": "2025-12-18T15:23:36.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-1437

CVE-2024-38433 (GCVE-0-2024-38433)

CVE-2023-29499 (GCVE-0-2023-29499)

Tags

Sightings

Nomenclature