WRITEUP

WRITEUP

Exploit for CVE-2019-25085 - GNOME gvdb - Use After Free

AI Analysis

This patch fixes a use-after-free vulnerability in GNOME's gvdb library, specifically in the `gvdb_table_write_contents_async` function. The issue arises from incorrect handling of the `str` buffer, which is freed before being used, leading to potential crashes or empty file writes.

Attack Type

DoS

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1210 - Exploitation of Remote Services

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53be7e6a708074e252de14

Authors

Michael Catanzaro

Vulnerability

CVE-2019-25085

GNOME gvdb - Use After Free

MEDIUM

CVSS 6.3