Excessive Recursion Vulnerability in libcroco Affects GNOME Products
CVE-2020-12825

7.1 HIGH

Key Information:

Vendor: Gnome

Status
Vendor
CVE Published: 12 May 2020

What is CVE-2020-12825?

The libcroco library, used in various GNOME applications, contains a vulnerability that allows excessive recursion in the 'cr_parser_parse_any_core' function. This flaw can lead to significant stack consumption, potentially crashing the application or causing denial-of-service conditions. It impacts all versions of libcroco up to 0.6.13, underscoring the importance of prompt updates and security patches to mitigate this issue.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved