GNOME GLib g_socket_client_connected_callback Mishandling Denial of Service Vulnerability



A vulnerability in the GLib component of GNOME could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is in the g_socket_client_connected_callback function in the source code file gio/gsocketclient.c and exists because the affected software fails to ensure that a parent GTask remains alive when executing connection-attempting enumeration. An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software. A successful exploit could allow the attacker to cause a DoS condition on the system.
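
The lifetime rule behind this class of bug, shown as an added example: it is a simplified model, not GLib code and not the upstream fix. `Task`, `Attempt`, and every function name are hypothetical, and the task is flagged as finalized rather than freed so the unsafe path can be observed without undefined behaviour.

```c
#include <stdio.h>

/* Hypothetical stand-in for a reference-counted parent task (not GLib's GTask). */
typedef struct {
    int refs;       /* outstanding references */
    int alive;      /* cleared at finalize; the demo never frees, so reads stay defined */
    int next_addr;  /* enumeration cursor owned by the parent */
} Task;

/* One pending connection attempt that points back at its parent task. */
typedef struct {
    Task *parent;
    int owns_ref;   /* 1 if the attempt took its own reference on the parent */
} Attempt;

static void task_ref(Task *t)   { t->refs++; }
static void task_unref(Task *t) { if (--t->refs == 0) t->alive = 0; }

static Attempt attempt_start(Task *parent, int hold_ref) {
    Attempt a = { parent, hold_ref };
    if (hold_ref)
        task_ref(parent);           /* hardened: pin the parent while the attempt is pending */
    return a;
}

/* Callback for a failed attempt: advance the parent's enumeration to the next address.
 * Returns the new cursor, or -1 if the parent is gone (a use-after-free in real code). */
static int connected_callback(Attempt *a) {
    int result = -1;
    if (a->parent->alive)
        result = ++a->parent->next_addr;
    if (a->owns_ref)
        task_unref(a->parent);      /* release only after the parent was last used */
    return result;
}

/* The caller drops its only reference while the attempt is still pending. */
int run_scenario(int hold_ref) {
    Task t = { 1, 1, 0 };
    Attempt a = attempt_start(&t, hold_ref);
    task_unref(&t);
    return connected_callback(&a);
}

int main(void) {
    printf("borrowed pointer: %d\n", run_scenario(0));
    printf("held reference:   %d\n", run_scenario(1));
    return 0;
}
```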

GNOME has confirmed the vulnerability and released software updates.

Security Impact Rating: Low

CVE: CVE-2019-9633

Source: Cisco Multivendor Vulnerability Alerts