PT-2019-13284 · Jack2+3 · Jack2+3
Yasijop
·
Publicado
2019-01-29
·
Atualizado
2024-04-04
·
CVE-2019-13351
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JACK2 versions 1.9.1 through 1.9.12
Description
The issue is related to a "double file descriptor close" problem in the posix/JackSocket.cpp file of libjack in JACK2. This occurs during a failed connection attempt when jackd2 is not running. The exploitation success depends on the multithreaded timing of the double close, which can lead to unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
Recommendations
For JACK2 versions 1.9.1 through 1.9.12, consider updating to a version that contains a fix for this issue, as the current version may be prone to information disclosure, crashes, or file corruption.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Double Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Jack2
Ubuntu