CVE-2020-35457

Published: 14 December 2020

** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow in g_option_group_add_entries that might lead to an out-of-bounds write. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented.
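
The class of bug described above, as an added example (not GLib's code and not taken from the upstream patch): a simplified C model of appending a NULL-terminated entry list to a growing array, with the two size checks that keep the entry count and the allocation size from wrapping. The names entry_t, group_t, group_add_entries and demo_overflow_rejected are hypothetical.

```c
/* Added illustration: simplified model, not GLib source. All names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *long_name; int id; } entry_t;  /* stand-in for an option entry */
typedef struct { entry_t *entries; size_t n_entries; } group_t;

/* Append a NULL-terminated entry list to the group.
 * Returns 0 on success, -1 if the new total would overflow or allocation fails.
 * On failure the group is left unchanged. */
int group_add_entries(group_t *g, const entry_t *list)
{
    size_t n_new = 0;
    while (list[n_new].long_name != NULL)
        n_new++;

    /* Check 1: old count + new count must not wrap around size_t. */
    if (n_new > SIZE_MAX - g->n_entries)
        return -1;
    size_t total = g->n_entries + n_new;

    /* Check 2: total * sizeof(entry_t) must not wrap either, otherwise
     * realloc() gets a short size and the memcpy below writes past it. */
    if (total > SIZE_MAX / sizeof(entry_t))
        return -1;
    if (n_new == 0)
        return 0;

    entry_t *grown = realloc(g->entries, total * sizeof(entry_t));
    if (grown == NULL)
        return -1;
    memcpy(grown + g->n_entries, list, n_new * sizeof(entry_t));
    g->entries = grown;
    g->n_entries = total;
    return 0;
}

/* Constructed demonstration: returns 1 when the wrapping sum is rejected. */
int demo_overflow_rejected(void)
{
    static const entry_t two[] = { {"verbose", 1}, {"quiet", 2}, {NULL, 0} };
    group_t g = { NULL, SIZE_MAX - 1 };   /* constructed count, one short of the limit */
    int rc = group_add_entries(&g, two);  /* unchecked, SIZE_MAX - 1 + 2 would wrap to 0 */
    return rc == -1 && g.entries == NULL && g.n_entries == SIZE_MAX - 1;
}

int main(void) { return demo_overflow_rejected() ? 0 : 1; }
```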

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: glib2.0

Release                              Status
Upstream                             Released (2.66.0-1)
Ubuntu 20.04 LTS (Focal Fossa)       Not vulnerable (disputed)
Ubuntu 18.04 LTS (Bionic Beaver)     Not vulnerable (disputed)
Ubuntu 16.04 ESM (Xenial Xerus)      Not vulnerable (disputed)
Ubuntu 14.04 ESM (Trusty Tahr)       Not vulnerable (disputed)

Patches:
Upstream: https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d