GNOME Glade <=3.38.1/3.40.0 DoS via GladeGtkBox Rebuild: CVE-2020-36774 February 2024

plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).

Vulnerability Analysis

CVE-2020-36774 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2020-36774. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

Improper Control of a Resource Through its Lifetime

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

Products Associated with CVE-2020-36774

Want to know whenever a new CVE is published for GNOME Glade? stack.watch will email you.

Exploit Probability

EPSS

0.03%

Percentile

6.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

GNOME Glade <=3.38.1/3.40.0 DoS via GladeGtkBox RebuildCVE-2020-36774 Published on February 19, 2024

Vulnerability Analysis

Weakness Type

Improper Control of a Resource Through its Lifetime

Products Associated with CVE-2020-36774

Exploit Probability

GNOME Glade <=3.38.1/3.40.0 DoS via GladeGtkBox Rebuild
CVE-2020-36774 Published on February 19, 2024