CVE-2020-35457

7.8HIGH

Key Information:

Vendor
Gnome
Status
Glib
Vendor
CVE Published:
14 December 2020

Summary

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented

References

https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a98...
x_refsource_MISC
https://gitlab.gnome.org/GNOME/glib/-/issues/2197
x_refsource_MISC
https://gitlab.gnome.org/GNOME/glib/-/releases/2.65.3
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.