GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

释放后使用

GNOME GVDB 资源管理错误漏洞

GVDB（GVariant Database）是GNOME开源的一种简单的数据库文件格式。以非常高效的查找方式存储从字符串到 GVariant 值的映射。 GNOME GVDB 存在资源管理错误漏洞，该漏洞源于其gvdb-builder.c文件的gvdb_table_write_contents_async函数的操作允许攻击者实现释放后重用。

N/A

N/A