CVE-2020-12825 — Uncontrolled Recursion in Libcroco

CWE-674 — Uncontrolled Recursion CWE-121 — Stack-based Buffer Overflow13 documents8 sources

Severity

7.1HIGHNVD

OSV5.5

EPSS

3.7%

top 12.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Libcroco Msrc Cbl2 Libcroco 0.6.13-6 ON CBL Mariner 2.0

Timeline

PublishedMay 12

Latest updateAug 13

Description

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

▶Ubuntugnome/libcroco< 0.6.13-1ubuntu0.1+3

▶NVDgnome/libcroco0.6.13

▶msrcmsrc/cbl2_libcroco_0.6.13-6_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

libcroco vulnerabilities↗2024-08-13

▶

GHSA

GHSA-23x2-xqxm-pxwj: libcroco through 0↗2022-05-24

▶

OSV

libcroco vulnerabilities↗2022-04-26

▶

OSV

CVE-2020-12825: libcroco through 0↗2020-05-12

▶

CVEList

CVE-2020-12825: libcroco through 0↗2020-05-12

▶

📋Vendor Advisories

Ubuntu

Libcroco vulnerabilities↗2024-08-13

▶

Ubuntu

Libcroco vulnerabilities↗2022-04-26

▶

Red Hat

libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c↗2020-05-12

▶

Microsoft

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.↗2020-05-12

▶

💬Community

Bugzilla

CVE-2020-12825 libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c [fedora-all]↗2020-05-13

▶

Bugzilla

CVE-2020-12825 libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c↗2020-05-13

▶

Bugzilla

CVE-2020-12825 mingw-libcroco: libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c [fedora-all]↗2020-05-13

▶