CVE-2020-35457
Summary
| CVE | CVE-2020-35457 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-14 23:15:00 UTC |
| Updated | 2023-11-07 03:21:00 UTC |
| Description | ** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented. |
Risk And Classification
Problem Types: CWE-787 | CWE-190
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2.65.3 · GNOME / GLib · GitLab | MISC | gitlab.gnome.org | Release Notes, Vendor Advisory |
| Segfaulting Integer Overflow in g_option_group_add_entries (#2197) · Issues · GNOME / GLib · GitLab | MISC | gitlab.gnome.org | Exploit, Vendor Advisory |
| goption: Add a precondition to avoid GOptionEntry list overflow (63c5b62f) · Commits · GNOME / GLib · GitLab | MISC | gitlab.gnome.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 670571 EulerOS Security Update for glib2 (EulerOS-SA-2021-2329)
- 670615 EulerOS Security Update for glib2 (EulerOS-SA-2021-2373)
- 670854 EulerOS Security Update for glib2 (EulerOS-SA-2021-2329)
- 670991 EulerOS Security Update for glib2 (EulerOS-SA-2021-2580)
- 900103 CBL-Mariner Linux Security Update for glib 2.58.0
- 901587 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (6435-1)
- 903073 Common Base Linux Mariner (CBL-Mariner) Security Update for glib (3681)