CVE-2026-58013 PUBLISHED

Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

Assigner: redhat
Reserved: 26.06.2026 Published: 30.06.2026 Updated: 30.06.2026

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVSS Score: 6.5

Product Status

Vendor GNOME
Product GLib
Versions Default: unaffected
  • affected from 0 to 2.88.1 (excl.)
Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected
Vendor Red Hat
Product Red Hat Hardened Images
Versions Default: unaffected

Workarounds

To mitigate this vulnerability, restrict any custom line terminator string passed to g_io_channel_set_line_term() to a maximum length of one byte before calling g_io_channel_read_line_backend(). Using the default line terminators will completely neutralize this issue.

Credits

  • Red Hat would like to thank linhlhq for reporting this issue.

References

Problem Types

  • Buffer Over-read CWE