GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free
CVE-2019-25085

6.3MEDIUM

Key Information:

Vendor
Gnome
Status
Gvdb
Vendor
CVE Published:
26 December 2022

Summary

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.

Affected Version(s)

gvdb

References

https://vuldb.com/?id.216789
vdb-entrytechnical-description
https://vuldb.com/?ctiid.216789
signaturepermissions-required
https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53...
patch

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.