PT-2019-13284 · Jack2+3

Yasijop · Published 2019-01-29 · Updated 2024-04-04 · CVE-2019-13351

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JACK2 versions 1.9.1 through 1.9.12

Description

The issue is a "double file descriptor close" in the posix/JackSocket.cpp file of libjack in JACK2. It occurs during a failed connection attempt when jackd2 is not running. Successful exploitation depends on the multithreaded timing of the double close, which can lead to unintended information disclosure, crashes, or file corruption because the wrong file ends up associated with the file descriptor.

Recommendations

For JACK2 versions 1.9.1 through 1.9.12, consider updating to a version that contains a fix for this issue, as the current version may be prone to information disclosure, crashes, or file corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
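
The double-close hazard described above, as an added example that is not JACK2's code: once a descriptor is closed its number is free for reuse, so a second close of the stale number closes whatever was opened in between. `struct conn`, `close_stale`, `close_once` and `victim_survives` are hypothetical names, and `open()` on `/dev/null` stands in both for the socket and for the file another thread opens between the two closes.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for a socket wrapper object (not JACK2's class). */
struct conn { int fd; };

/* Flawed pattern: closes the descriptor but keeps the stale number. */
static void close_stale(struct conn *c) {
    close(c->fd);
}

/* Hardened pattern: close at most once, then invalidate the field. */
static void close_once(struct conn *c) {
    if (c->fd >= 0) {
        close(c->fd);
        c->fd = -1;
    }
}

/*
 * Runs the cleanup path twice (error handler, then final teardown) with an
 * unrelated open in between, which stands in for another thread's work.
 * Returns 1 if the unrelated descriptor is still valid afterwards,
 * 0 if the second close destroyed it, -1 on setup failure.
 */
static int victim_survives(void (*closer)(struct conn *)) {
    struct conn c;
    c.fd = open("/dev/null", O_RDONLY);        /* stands in for the socket */
    if (c.fd < 0) return -1;

    closer(&c);                                /* first close: failed connect */

    /* POSIX hands out the lowest free number, i.e. the one just released. */
    int victim = open("/dev/null", O_WRONLY);
    if (victim < 0) return -1;

    closer(&c);                                /* second close: teardown */

    int alive = (fcntl(victim, F_GETFD) != -1);
    if (alive) close(victim);
    return alive;
}

int main(void) {
    printf("stale close:   victim alive = %d\n", victim_survives(close_stale));
    printf("guarded close: victim alive = %d\n", victim_survives(close_once));
    return 0;
}
```

In a multithreaded process the intervening open happens only when the timing lines up, which is why the entry rates attack complexity as high.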

Exploit

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1140
ALT-PU-2019-1141
ALT-PU-2019-4162
ALT-PU-2020-1924
ALT-PU-2021-1405
BDU:2025-12505
CVE-2019-13351
MGASA-2020-0476
USN-5656-1

Affected Products

Alt Linux
Astra Linux
Jack2
Ubuntu