Denial of Service Vulnerability in GNOME GLib 2.59.2
CVE-2019-9633

6.5MEDIUM

Key Information:

Vendor: Gnome
Status: Glib
Vendor: CVE Published:; 8 March 2019

Summary

In GNOME GLib version 2.59.2, a flaw exists in gio/gsocketclient.c that fails to keep the parent GTask active during the execution of connection attempts. This oversight can be exploited by remote attackers, leading to potential denial of service. Specifically, an attacker may craft a malicious web page that triggers mishandling within the g_socket_client_connected_callback, resulting in application crashes, and thereby disrupting the service provided by the affected application.

References

https://gitlab.gnome.org/GNOME/glib/issues/1649

x_refsource_MISC

http://www.securityfocus.com/bid/107391

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2019
Vulnerability Reserved
Mar 8, 2019