gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-08T07:00:00

Updated: 2024-08-04T21:54:45.175Z

Reserved: 2019-03-08T00:00:00

Link: CVE-2019-9633

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-08T08:29:00.223

Modified: 2024-11-21T04:52:00.773

Link: CVE-2019-9633

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-01-29T00:00:00Z

Links: CVE-2019-9633 - Bugzilla