CVE-2020-35457: Integer Overflow
First published: Mon Dec 14 2020(Updated: )
** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME GLib | <2.65.3 | |
| <2.65.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this GNOME GLib issue?
The vulnerability ID of this GNOME GLib issue is CVE-2020-35457.
What is the severity level of CVE-2020-35457?
The severity level of CVE-2020-35457 is high with a CVSS score of 7.8.
What is the affected software of CVE-2020-35457?
The affected software of CVE-2020-35457 is GNOME GLib versions prior to 2.65.3.
What is the description of CVE-2020-35457?
CVE-2020-35457 is an integer overflow vulnerability in GNOME GLib that might lead to an out-of-bounds write in g_option_group_add_entries.
Is there a fix for CVE-2020-35457?
Yes, the fix for CVE-2020-35457 is available in version 2.65.3 of GNOME GLib.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/status
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- status/disputed
- vendor/gnome
- canonical/gnome glib