GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free
CVE-2019-25085
6.3MEDIUM
Summary
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
Affected Version(s)
gvdb =
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Risk change from: 8.8 to: 6.3 - (MEDIUM)
Risk change from: 8.8 to: 6.3 - (MEDIUM)
VulDB last update
Vulnerability Reserved.
VulDB entry created
Advisory disclosed
Vulnerability published.
Collectors
NVD DatabaseMitre Database