Integer Overflow Vulnerability in GNOME GLib by GNOME
CVE-2020-35457
7.8 HIGH
What is CVE-2020-35457?
GNOME GLib versions before 2.65.3 contain an integer overflow that can lead to out-of-bounds writes in the g_option_group_add_entries function. The vendor does not consider this a significant security concern, because the typical usage pattern is to provide a predefined static list of option entries; that usage pattern, however, is undocumented. Applications that use the function in other ways may therefore be exposed to unforeseen behavior, so developers need to be vigilant about version updates.
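A minimal model of the bug class described above, added here as an illustration and not taken from GLib's source: the types `entry_t` and `group_t` and the function `group_add_entries` are hypothetical stand-ins. It appends a NULL-terminated entry list to a growing array and checks both the count addition and the byte-size multiplication before reallocating, so a wrapped size can never yield an undersized buffer followed by an out-of-bounds copy.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for an option entry and an option group (not GLib types). */
typedef struct { const char *long_name; int id; } entry_t;
typedef struct { entry_t *entries; size_t n_entries; } group_t;

/* *out = a + b, or false if the sum would wrap around SIZE_MAX. */
static bool checked_add(size_t a, size_t b, size_t *out) {
    if (b > SIZE_MAX - a) return false;
    *out = a + b;
    return true;
}

/* *out = a * b, or false if the product would wrap around SIZE_MAX. */
static bool checked_mul(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Appends a NULL-terminated list. Returns 0 on success, -1 if rejected. */
int group_add_entries(group_t *g, const entry_t *add) {
    size_t n_add = 0, total, bytes;
    while (add[n_add].long_name != NULL) n_add++;
    if (n_add == 0) return 0;
    /* Validate the new element count and byte size BEFORE touching memory. */
    if (!checked_add(g->n_entries, n_add, &total)) return -1;
    if (!checked_mul(total, sizeof(entry_t), &bytes)) return -1;
    entry_t *p = realloc(g->entries, bytes);
    if (p == NULL) return -1;          /* original buffer is still valid */
    memcpy(p + g->n_entries, add, n_add * sizeof(entry_t));
    g->entries = p;
    g->n_entries = total;
    return 0;
}

int main(void) {
    /* Constructed sample input. */
    entry_t opts[] = { {"verbose", 1}, {"quiet", 2}, {NULL, 0} };
    group_t g = { NULL, 0 };
    printf("normal add: %d, count=%zu\n", group_add_entries(&g, opts), g.n_entries);
    group_t huge = { NULL, SIZE_MAX - 1 };  /* count near the limit, no buffer */
    printf("overflowing add rejected: %d\n", group_add_entries(&huge, opts));
    free(g.entries);
    return 0;
}
```

Without the two checks, the wrapped total would size the allocation while the copy still writes all new entries past the old ones, which is the out-of-bounds write the advisory describes.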