CVE-2026-58010 PUBLISHED

Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()

Assigner: redhat
Reserved: 26.06.2026 Published: 30.06.2026 Updated: 30.06.2026

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVSS Score: 6.5

Product Status

Vendor GNOME
Product GLib
Versions Default: unaffected
  • affected from 0 to 2.86.5 (excl.)
  • affected from 0 to 2.88.1 (excl.)
Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected
Vendor Red Hat
Product Red Hat Hardened Images
Versions Default: unaffected

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Credits

  • Red Hat would like to thank linhlhq for reporting this issue.

References

Problem Types

  • Buffer Over-read CWE