Input validation error in Glade

#VU87747 Input validation error in Glade

Published: 2024-03-22

Vulnerability identifier: #VU87747

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36774

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glade
Universal components / Libraries / Software for developers

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in plugins/gtk+/glade-gtk-box.c due to an error when handling widget rebuilding for GladeGtkBox. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Glade: 3.1.5 - 3.38.0

External links
http://gitlab.gnome.org/GNOME/glade/-/issues/479
http://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Glade

openEuler 20.03 LTS SP4 update for glade

openEuler update for glade

Denial of service in GNOME Glade