CVE-2019-25085 — Use After Free in Gvariant Database

CWE-416 — Use After Free6 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 32.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gvariant Database Debian Epiphany-browser Debian Glib2.0 +2 more

Timeline

PublishedDec 26

Description

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5gnome/gvdbn/a

▶NVDgnome/gvariant_database< 2019-06-27

▶debiandebian/glib2.0< epiphany-browser 3.34.1-1 (bookworm)

▶debiandebian/epiphany-browser< epiphany-browser 3.34.1-1 (bookworm)

▶msrcmsrc/azl3_dconf_0.40.0-2_on_azure_linux_3.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2019-25085: A vulnerability was found in GNOME gvdb↗2022-12-26

▶

GHSA

GHSA-362p-jc7p-cx87: A vulnerability was found in GNOME gvdb↗2022-12-26

▶

📋Vendor Advisories

Red Hat

gvdb: use after free issue was fixed in gvdb_table_write_contents_async()↗2022-12-26

▶

Microsoft

GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free↗2022-12-13

▶

Debian

CVE-2019-25085: epiphany-browser - A vulnerability was found in GNOME gvdb. It has been classified as critical. Thi...↗2019

▶