#VU87747 Input validation error in glade - CVE-2020-36774

Cybersecurity Help s.r.o.

Published: 2024-03-22

Vulnerability identifier: #VU87747

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36774

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
glade

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in plugins/gtk+/glade-gtk-box.c due to an error when handling widget rebuilding for GladeGtkBox. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

glade: 3.1.5 - 3.38.0

External links
https://gitlab.gnome.org/GNOME/glade/-/issues/479
https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Glade

openEuler 20.03 LTS SP4 update for glade

openEuler update for glade

Denial of service in GNOME Glade