PT-2020-6933 · Gnome+2 · Gnome Glib+2

Published: 2020-09-01 · Updated: 2024-08-04 · CVE-2020-35457

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GNOME GLib versions prior to 2.65.3

Description

The issue is an integer overflow in the g_option_group_add_entries() function of the GLib library, which could lead to an out-of-bounds write. Exploitation of this issue may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. The vendor has stated that this is not considered a security issue, because callers follow a standard pattern of providing a static list of option entries in a fixed number of calls to g_option_group_add_entries(), although this pattern is reportedly undocumented.

Recommendations

For versions prior to 2.65.3, update to version 2.65.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the g_option_group_add_entries() function until a patch is available.
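
A simplified C model of the bug class named in the description, added here as an illustration: it is not GLib's code, and the entry_t and group_t types and the group_add_entries() and unchecked_total() names are hypothetical. It shows how an unchecked count addition wraps to a small total, and the checks that reject such a call before any reallocation or copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for an option entry and an option group. */
typedef struct { const char *long_name; int id; } entry_t;
typedef struct { entry_t *entries; size_t n_entries; } group_t;

/* The unchecked sum: wraps modulo SIZE_MAX + 1, so a huge request can
 * produce a small total and an undersized buffer for the later copy. */
size_t unchecked_total(size_t have, size_t add) { return have + add; }

/* Append n entries; returns 0 on success, -1 if the element count or the
 * byte size would overflow, or if allocation fails. The group is left
 * untouched on failure. */
int group_add_entries(group_t *g, const entry_t *src, size_t n)
{
    if (n == 0)
        return 0;
    if (n > SIZE_MAX - g->n_entries)            /* count would wrap */
        return -1;
    size_t total = g->n_entries + n;
    if (total > SIZE_MAX / sizeof(entry_t))     /* byte size would wrap */
        return -1;
    entry_t *p = realloc(g->entries, total * sizeof(entry_t));
    if (p == NULL)
        return -1;
    memcpy(p + g->n_entries, src, n * sizeof(entry_t));
    g->entries = p;
    g->n_entries = total;
    return 0;
}

int main(void)
{
    /* Constructed sample input. */
    entry_t opts[2] = { { "verbose", 1 }, { "output", 2 } };
    group_t g = { NULL, 0 };
    printf("add 2: %d\n", group_add_entries(&g, opts, 2));
    printf("unchecked 2 + SIZE_MAX = %zu\n", unchecked_total(g.n_entries, SIZE_MAX));
    printf("checked add of SIZE_MAX: %d\n", group_add_entries(&g, opts, SIZE_MAX));
    free(g.entries);
    return 0;
}
```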

Exploit

Fix

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2867
AZL-6435
BDU:2023-07623
CVE-2020-35457
OESA-2021-1106

Affected Products

Alt Linux
Astra Linux
Gnome Glib