CVE-2026-58013 - Vulnerability Details - OpenCVE

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Hummingbird

No data.

No data.

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-58013
https://bugzilla.redhat.com/show_bug.cgi?id=2492248
https://gitlab.gnome.org/GNOME/glib/-/issues/3925

History

Tue, 30 Jun 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
Title		Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
First Time appeared		Redhat Redhat enterprise Linux Redhat hummingbird
Weaknesses		CWE-126
CPEs		cpe:/a:redhat:hummingbird:1 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat hummingbird
References		https://access.redhat.com/security/cve/CVE-2026-58013 https://bugzilla.redhat.com/show_bug.cgi?id=2492248 https://gitlab.gnome.org/GNOME/glib/-/issues/3925
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-30T12:57:34.902Z

Updated: 2026-06-30T14:38:17.519Z

Reserved: 2026-06-26T20:59:47.855Z

Link: CVE-2026-58013

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-58013", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-26T20:59:47.855Z", "datePublished": "2026-06-30T12:57:34.902Z", "dateUpdated": "2026-06-30T14:38:17.519Z"}, "containers": {"cna": {"title": "Glib: buffer over-read in glib/giochannel.c via \"g_io_channel_read_line_backend\"", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary."}], "affected": [{"vendor": "GNOME", "product": "GLib", "versions": [{"status": "affected", "version": "0", "lessThan": "2.88.1", "versionType": "semver"}], "packageName": "GLib", "collectionURL": "https://gitlab.gnome.org/GNOME/glib/", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mingw-glib2", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "glib2", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-58013", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492248", "name": "RHBZ#2492248", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3925"}], "datePublic": "2026-04-03T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "Buffer Over-read", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-126: Buffer Over-read", "workarounds": [{"lang": "en", "value": "To mitigate this vulnerability, restrict any custom line terminator string passed to g_io_channel_set_line_term() to a maximum length of one byte before calling g_io_channel_read_line_backend(). Using the default line terminators will completely neutralize this issue."}], "timeline": [{"lang": "en", "time": "2026-06-24T16:49:18.947Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-03T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank linhlhq for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-30T14:38:17.519Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}