Description
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
Report
This issue affects only glib2 version 2.59.1 and is fixed in version 2.59.2. Version 2.59.1 was an unstable release and was not shipped with Red Hat Enterprise Linux 6, 7 and 8, hence Red Hat Enterprise Linux is not affected by this vulnerability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | glib | Not affected | | |
| Red Hat Enterprise Linux 5 | glib2 | Not affected | | |
| Red Hat Enterprise Linux 6 | chromium-browser | Not affected | | |
| Red Hat Enterprise Linux 6 | firefox | Not affected | | |
| Red Hat Enterprise Linux 6 | glib2 | Not affected | | |
| Red Hat Enterprise Linux 6 | thunderbird | Not affected | | |
| Red Hat Enterprise Linux 7 | glib2 | Not affected | | |
| Red Hat Enterprise Linux 8 | glib2 | Not affected | | |
| Red Hat Enterprise Linux 8 | mingw-glib2 | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 8.2 High