CVE-2019-25085 MEDIUM

CVE-2019-25085: GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free

Vendor Gnome
Product gvdb
Weakness CWE-416
Published December 26, 2022
Last update August 5, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.

Key dates

02Disclosure timeline

December 26, 2022 CVE published
August 5, 2024 Record updated