
PEACH
Uma estrutura de isolamento de inquilino
CVE-2026-58016 is a state confusion vulnerability in GNOME GLib's D-Bus introspection XML parser that causes an unsigned integer underflow and out-of-bounds heap read, resulting in a denial of service. The flaw exists in the g_dbus_node_info_new_for_xml() function within gio/gdbusintrospection.c when processing malformed XML containing a <node> element nested inside <method>, <signal>, <property>, or <arg> elements. It affects GLib versions prior to 2.88.1, as well as Red Hat's glib2 and mingw-glib2 packages across multiple RHEL releases. Disclosed on June 30, 2026, it carries a CVSS v3.1 base score of 7.5 (High) (Github Advisory, Red Hat Bugzilla).
The root cause is an integer underflow (CWE-191) in the XML parser's state machine. When a <node> element is encountered nested inside elements such as <method>, the nested closing </node> tag resets the shared data->methods (or data->signals/data->properties) array to an empty state. When the outer closing tag subsequently calls parse_data_get_method(data, FALSE), it accesses pdata[len - 1] with len == 0, causing an unsigned integer underflow (0u - 1 = 0xFFFFFFFF) and a massive out-of-bounds heap read at an offset of approximately 0xFFFFFFFF * sizeof(gpointer) (~8 GB before the buffer). The attack vector is network-accessible, requires no authentication or user interaction, and low attack complexity, making it automatable (Red Hat Bugzilla, Github Advisory).
Successful exploitation causes the affected service or application using GLib's D-Bus introspection parser to crash, resulting in a denial of service. The impact is limited to availability — there is no confidentiality or integrity impact identified. Because GLib is a foundational library used widely across Linux desktop and server environments (including GNOME, systemd-adjacent services, and many applications), a crash in a D-Bus-consuming service could disrupt system functionality or require service restarts (Github Advisory, Red Hat Bugzilla).
g_dbus_node_info_new_for_xml() to parse D-Bus introspection XML from untrusted input (e.g., a D-Bus service that accepts XML from remote clients).<node> element improperly nested inside a <method>, <signal>, <property>, or <arg> element, for example:<node>
<interface name="com.example.Test">
<method name="Foo">
<node/>
</method>
</interface>
</node>g_dbus_node_info_new_for_xml().<node>, then attempts to access pdata[0xFFFFFFFF], triggering an out-of-bounds heap read and crashing the process.gdbus, GNOME services, or custom D-Bus daemons); journal entries with signals like SIGSEGV or SIGABRT from GLib-linked processes./var/lib/systemd/coredump/ or /tmp/.<node> elements nested within <method>, <signal>, <property>, or <arg> elements.Upgrade GLib to version 2.88.1 or later, which addresses this vulnerability. Red Hat users should apply updated glib2 and mingw-glib2 packages via errata when available from Red Hat. As a workaround, restrict D-Bus interface exposure to trusted networks or applications, and validate or sanitize D-Bus introspection XML input before passing it to g_dbus_node_info_new_for_xml() (Github Advisory, Red Hat Bugzilla).
Origem: Este relatório foi gerado usando IA
Avaliação de vulnerabilidade gratuita
Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.
Marque uma demonstração personalizada
"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."