Description
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).
A flaw was found in Glade, where the glade_gtk_box_post_create() function in plugins/gtk+/glade-gtk-box.c mishandled widget rebuilding for GladeGtkBox, potentially leading to an application crash. This flaw allows a malicious user to cause a denial of service.
Report
The identified flaw in Glade, specifically within the glade_gtk_box_post_create() function, is assessed as a low-severity issue rather than a moderate one due to several factors. Firstly, the flaw primarily manifests as a potential application crash, which, while disruptive, does not directly lead to the execution of arbitrary code or compromise of sensitive data. Additionally, exploitation of the vulnerability requires the ability to manipulate the Glade environment, limiting its practical impact to scenarios where the attacker already has sufficient access to the system. Furthermore, the flaw is constrained to a specific function within the GTK+ plugin for Glade, reducing its overall scope and potential for widespread impact across the application.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | glade3 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | glade | Out of support scope | | |
| Red Hat Enterprise Linux 7 | glade3 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | glade | Fix deferred | | |
| Red Hat Enterprise Linux 9 | glade | Fix deferred | | |
Additional information
Status:
EPSS
3.3 Low
CVSS3