CVE-2026-58014
NixOS Análise e mitigação de vulnerabilidades

Visão geral

CVE-2026-58014 is an off-by-one error in GNOME GLib's g_key_file_get_locale_string_list function within gkeyfile.c, triggered when loading a key file with an empty value. The flaw can cause an out-of-bounds memory access of 1 byte or a denial of service when the access crosses a page boundary. It affects GLib versions prior to 2.88.1, as well as Red Hat's glib2 and mingw-glib2 packages across multiple RHEL product lines. The vulnerability was reported on June 24, 2026, and publicly disclosed on June 30, 2026, with a CVSS v3.1 base score of 7.3 (High) (Github Advisory, Red Hat Bugzilla).

Detalhes técnicos

The root cause is a heap buffer under-read (CWE-193: Off-by-one Error) in g_key_file_get_locale_string_list() at gkeyfile.c:2464. When the resolved locale string value is an empty string (""), the function computes len = strlen(value) yielding 0, then accesses value[len - 1]. Because len is of type gsize (unsigned), the subtraction wraps to SIZE_MAX, causing a read of 1 byte before the heap allocation (a heap under-read). Any application that loads a key file from untrusted input — such as .desktop files or application configuration files — and calls g_key_file_get_locale_string_list() on a key with an empty value is affected. The attack vector is network-based, requires no authentication or user interaction, and has low attack complexity (Red Hat Bugzilla, Github Advisory).

Impacto

Successful exploitation can result in a denial of service if the out-of-bounds read crosses a page boundary, causing a crash of the affected application. If the access does not cross a page boundary, an attacker may be able to read or corrupt a small amount of adjacent heap memory, resulting in limited confidentiality and integrity impacts. The vulnerability affects any application using GLib to parse untrusted key files, which is a broad attack surface given GLib's widespread use in GNOME-based Linux environments and desktop application ecosystems (Github Advisory, Red Hat Bugzilla).

Etapas de exploração

  1. Identify target: Locate a network-accessible application or service that uses GLib to parse key files (e.g., .desktop files, application configuration files) from untrusted or user-supplied input.
  2. Craft malicious key file: Create a GLib key file containing a key whose locale-specific value is an empty string (e.g., [Section]\nKey[en]=).
  3. Deliver the payload: Supply the crafted key file to the target application via any available input channel — file upload, network protocol, or configuration interface — that causes the application to call g_key_file_get_locale_string_list() on the affected key.
  4. Trigger the bug: The function computes strlen("") = 0, then accesses value[0 - 1], which wraps to value[SIZE_MAX] due to unsigned integer underflow, causing a 1-byte heap under-read.
  5. Achieve impact: If the out-of-bounds access crosses a page boundary, the application crashes (denial of service). Otherwise, the attacker may read 1 byte of adjacent heap memory, potentially leaking sensitive data or causing memory corruption (Red Hat Bugzilla).

Indicadores de compromisso

  • Logs: Application crash logs or core dumps referencing g_key_file_get_locale_string_list or gkeyfile.c:2464; segmentation fault signals (SIGSEGV) in system logs from GLib-based applications.
  • Process: Unexpected termination or restart of GNOME desktop components or GLib-dependent services after processing external key files or .desktop files.
  • File System: Presence of unexpected or malformed .desktop files or GLib key files with empty locale values in application configuration directories (e.g., ~/.local/share/applications/, /usr/share/applications/).
  • Network: Unusual file uploads or configuration submissions to services that parse GLib key files, particularly those containing keys with empty values.

Mitigação e soluções alternativas

The primary remediation is to update GLib to version 2.88.1 or later, which contains the fix for this vulnerability. Red Hat users should apply updated glib2 and mingw-glib2 packages via their standard errata process once patches are released for affected RHEL versions. As a workaround, restrict network access to systems or services that parse untrusted key files, and validate/sanitize key file inputs to reject entries with empty values before passing them to GLib functions (Github Advisory, Red Hat Bugzilla).

Reações da comunidade

The vulnerability was assigned and disclosed by Red Hat's Product Security team, with the bug tracked in Red Hat Bugzilla. A brief automated post was noted on Bluesky via a CVE tracking account. No significant researcher commentary, vendor statements beyond Red Hat, or notable media coverage has been identified at this time (Red Hat Bugzilla).

Recursos adicionais


OrigemEste relatório foi gerado usando IA

Relacionado NixOS Vulnerabilidades:

CVE ID

Gravidade

Pontuação

Tecnologias

Nome do componente

Exploração do CISA KEV

Tem correção

Data de publicação

CVE-2026-14241CRITICAL9.8
  • NixOS logoNixOS
  • cpe:2.3:a:mozilla:firefox
NãoNãoJun 30, 2026
CVE-2026-58016CRITICAL9.1
  • NixOS logoNixOS
  • glib2
NãoSimJun 30, 2026
CVE-2026-58014HIGH8.6
  • NixOS logoNixOS
  • glib2
NãoSimJun 30, 2026
CVE-2026-58015HIGH7.5
  • NixOS logoNixOS
  • glib2-fam
NãoSimJun 30, 2026
CVE-2026-58374HIGH7.1
  • NixOS logoNixOS
  • hostapd
NãoNãoJun 30, 2026

Avaliação de vulnerabilidade gratuita

Compare sua postura de segurança na nuvem

Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.

Solicitar avaliação

Marque uma demonstração personalizada

Pronto para ver a Wiz em ação?

"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
David EstlickCISO
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
Adão FletcherDiretor de Segurança
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."
Greg PoniatowskiChefe de Gerenciamento de Ameaças e Vulnerabilidades