CVE-2019-25085
Published: 26 December 2022
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.
Notes
Author | Note |
---|---|
mdeslaur | This issue was only present in gvdb for 6 days before it was fixed and didn't make its way into epiphany-browser or glib2.0 packages. |
Priority
Status
Package | Release | Status |
---|---|---|
epiphany-browser | bionic | Not vulnerable (3.28.6-0ubuntu1) |
epiphany-browser | focal | Not vulnerable (3.36.4-0ubuntu2) |
epiphany-browser | jammy | Not vulnerable |
epiphany-browser | kinetic | Not vulnerable |
epiphany-browser | trusty | Ignored (end of standard support) |
epiphany-browser | upstream | Released (3.34.1-1) |
epiphany-browser | xenial | Not vulnerable |
glib2.0 | bionic | Not vulnerable (2.56.4-0ubuntu0.18.04.9) |
glib2.0 | focal | Not vulnerable (2.64.6-1~ubuntu20.04.4) |
glib2.0 | jammy | Not vulnerable (2.72.4-0ubuntu1) |
glib2.0 | kinetic | Not vulnerable |
glib2.0 | trusty | Not vulnerable |
glib2.0 | upstream | Released (2.66.0-1) |
glib2.0 | xenial | Not vulnerable |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |