GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free

CVE-2019-25085

6.3MEDIUM

Key Information

Vendor: Gnome
Status: Gvdb
Vendor: CVE Published:; 26 December 2022

Summary

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.

Affected Version(s)

gvdb =

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 8.8 to: 6.3 - (MEDIUM)
Aug 5, 2024
Risk change from: 8.8 to: 6.3 - (MEDIUM)
Feb 22, 2024
VulDB last update
Dec 26, 2022
Vulnerability Reserved.
Dec 26, 2022
VulDB entry created
Dec 26, 2022
Advisory disclosed
Dec 26, 2022
Vulnerability published.
Dec 26, 2022

Collectors

NVD DatabaseMitre Database