Описание
A vulnerability was found in GNOME libgsf, affecting the gsf_base64_encode_simple function. The attack needs to be approached locally, and manipulation of the size argument can lead to use of an uninitialized variable.
Отчет
This CVE has been marked as Rejected by the assigning CNA. According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "len" valid bytes. The docs were updated to make that clear.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libgsf | Fix deferred | ||
| Red Hat Enterprise Linux 6 | libgsf | Fix deferred | ||
| Red Hat Enterprise Linux 7 | libgsf | Fix deferred | ||
| Red Hat Enterprise Linux 8 | libgsf | Fix deferred | ||
| Red Hat Enterprise Linux 9 | libgsf | Fix deferred |
Показывать по
Дополнительная информация
3.3 Low
CVSS3
Связанные уязвимости
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "len" valid bytes. The docs were updated to make that clear.
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "len" valid bytes. The docs were updated to make that clear.
A vulnerability was found in GNOME libgsf up to 1.14.53 and classified as problematic. Affected by this issue is the function gsf_base64_encode_simple. The manipulation of the argument size leads to use of uninitialized variable. The attack needs to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way.
Уязвимость функции gsf_base64_encode_simple библиотеки структурированных файлов The GNOME Project libgsf, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации
3.3 Low
CVSS3