Input validation error in Nautilus - CVE-2019-11461

 


Published: September 2, 2019


Vulnerability identifier: #VU20506
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-11461
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Gnome Development Team
Affected software:
Nautilus

Detailed vulnerability description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper filtering of the TIOCSTI ioctl on 64-bit systems. A local authenticated attacker can compromise the thumbnailer and escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal.
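As an added illustration (not code from Nautilus, GNOME or this advisory): a minimal seccomp-BPF filter that denies TIOCSTI by comparing only the low 32 bits of the ioctl request, which is the comparison that holds on 64-bit systems. The function names are hypothetical, and Linux with glibc and a little-endian 64-bit process is assumed.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Deny ioctl() when the low 32 bits of the request equal TIOCSTI. seccomp
 * reports arguments as 64-bit values but the kernel reads the ioctl request
 * as 32 bits, so the upper half is left out of the comparison. Assumes a
 * native little-endian 64-bit process; a deployed filter also pins .arch. */
static int install_tiocsti_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Issue ioctl(-1, request) in a filtered child and return the errno it got.
 * fd -1 is invalid, so nothing reaches a terminal: EPERM means the filter
 * denied the call, EBADF means it was passed through to the kernel. */
int filtered_ioctl_errno(unsigned long request)
{
    char c = 0;
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (install_tiocsti_filter() != 0) _exit(255);
        _exit(ioctl(-1, request, &c) == -1 ? errno : 0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Regression check: the upper 32 bits of the request must not matter. */
    return filtered_ioctl_errno(TIOCSTI | (1UL << 32)) == EPERM ? 0 : 1;
}
```

A return value of 255 from `filtered_ioctl_errno` means the filter could not be installed in the current environment.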


How to mitigate CVE-2019-11461

Install updates from the vendor's website.
