{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-36774", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-04T14:43:46.338Z", "dateReserved": "2024-02-19T00:00:00", "datePublished": "2024-02-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-19T01:10:56.954921"}, "descriptions": [{"lang": "en", "value": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.214Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-664", "lang": "en", "description": "CWE-664 Improper Control of a Resource Through its Lifetime"}]}], "affected": [{"vendor": "gnome", "product": "glade", "cpes": ["cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.38.1", "versionType": "custom"}, {"version": "3.39.0", "status": "affected", "lessThan": "3.40.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T14:39:16.571484Z", "id": "CVE-2020-36774", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:43:46.338Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.214Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-36774", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T14:39:16.571484Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*"], "vendor": "gnome", "product": "glade", "versions": [{"status": "affected", "version": "0", "lessThan": "3.38.1", "versionType": "custom"}, {"status": "affected", "version": "3.39.0", "lessThan": "3.40.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-664", "description": "CWE-664 Improper Control of a Resource Through its Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:43:36.426Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}], "descriptions": [{"lang": "en", "value": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-19T01:10:56.954921"}}}, "cveMetadata": {"cveId": "CVE-2020-36774", "state": "PUBLISHED", "dateUpdated": "2024-09-04T14:43:46.338Z", "dateReserved": "2024-02-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B73ECE1-9724-4939-8C18-E7FC122340D4", "versionEndExcluding": "3.38.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA444AE8-4A62-4C66-A8A1-F7A65C6C681A", "versionEndExcluding": "3.40.0", "versionStartIncluding": "3.39.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash)."}, {"lang": "es", "value": "plugins/gtk+/glade-gtk-box.c en GNOME Glade anterior a 3.38.1 y 3.39.x anterior a 3.40.0 maneja mal la reconstrucci\u00f3n de widgets para GladeGtkBox, lo que provoca una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n)."}], "id": "CVE-2020-36774", "lastModified": "2025-05-07T12:26:41.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-19T02:15:47.690", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-664"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "glade: segmentation fault in glade_gtk_box_post_create()", "id": "2264839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264839"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-20", "details": ["plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).", "A flaw was found in Glade, where the glade_gtk_box_post_create() function in plugins/gtk+/glade-gtk-box.c mishandled widget rebuilding for GladeGtkBox, potentially leading to an application crash. This flaw allows a malicious user to cause a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-36774", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "glade3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "glade", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "glade3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "glade", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "glade", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36774\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36774"], "statement": "The identified flaw in Glade, specifically within the glade_gtk_box_post_create() function, is assessed as a low-severity issue rather than a moderate one due to several factors. Firstly, the flaw primarily manifests as a potential application crash, which, while disruptive, does not directly lead to the execution of arbitrary code or compromise of sensitive data. Additionally, exploitation of the vulnerability requires the ability to manipulate the Glade environment, limiting its practical impact to scenarios where the attacker already has sufficient access to the system. Furthermore, the flaw is constrained to a specific function within the GTK+ plugin for Glade, reducing its overall scope and potential for widespread impact across the application.", "threat_severity": "Low"}