A vulnerability in GNOME Glade, a prominent User Interface (UI) development application for the GNOME desktop environment, was recently discovered and has been assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2020-36774. The vulnerability exists in the Glade GtkBox widget rebuilding process and may lead to a Denial of Service (DoS) by crashing the application. Specifically, the issue is present in 'plugins/gtk+/glade-gtk-box.c' of GNOME Glade versions before 3.38.1 and 3.39.x before 3.40..

The code snippet illustrating the vulnerability can be found in 'plugins/gtk+/glade-gtk-box.c':

static void
glade_gtk_box_rebuild_children (...)
{
  ...
  /* Add new children. */
  for (list = widget->priv->packing_props; list; list = list->next)
    {
      GValue value = { 0, };
      glade_widget_pack_property_get_value (...); /* <-- crash here! */
      ...
    }
  ...
} 

In the snippet above, improper handling during the Glade GtkBox widget rebuild can cause a null-pointer dereference, which crashes the application.

Original References

1. GNOME Glade GitLab Repository: [https://gitlab.gnome.org/GNOME/glade]
2. Merged Commit for the Fix: [https://gitlab.gnome.org/GNOME/glade/-/commit/000714d]
3. CVE-2020-36774 Description: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36774]

Exploit Details

An attacker can exploit this vulnerability by crafting a malformed Glade Interface Definition (GLADE) file or a GTK Box Widget with malicious properties. Upon opening or importing the file, the vulnerable Glade application will attempt to rebuild the GtkBox widgets with the malicious data. This ultimately leads to a null-pointer dereference and crashes the application, resulting in a Denial of Service (DoS). This can be disruptive and even harmful to UI developers using the GNOME Glade application to build their user interfaces, as it could result in loss of work and productivity.

Mitigation

To protect against this vulnerability, users should promptly update their GNOME Glade application to the latest version - Glade 3.38.1 or 3.40. depending on the release branch. The security fix has been implemented in these updated versions, and they no longer contain the vulnerability in the Glade GtkBox widget rebuilding process.
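One way to check an inventory of installed Glade versions against the affected ranges stated above, as an added example that is not part of the original advisory or the Glade project. The function names, host names and sample version strings are constructed for illustration.

```python
import re

# Ranges as stated on this page: affected before 3.38.1, and all of 3.39.x.
FIXED_STABLE = (3, 38, 1)
AFFECTED_DEV_SERIES = (3, 39)

# First dotted number in the string; skips an epoch such as "1:".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?")


def parse_glade_version(text):
    """Return (major, minor, patch) from a version or package string, or None.

    Accepts bare versions ("3.38.0"), package versions with an epoch or
    revision ("1:3.38.2-1build1") and a name prefix ("glade 3.22.1").
    A missing patch component is treated as 0.
    """
    m = _VERSION_RE.search(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def cve_2020_36774_status(text):
    """Classify by upstream version: 'vulnerable', 'patched' or 'unknown'.

    Distribution packages may carry backported fixes, so a 'vulnerable'
    result should be confirmed against the vendor's advisory.
    """
    v = parse_glade_version(text)
    if v is None:
        return "unknown"
    if v[:2] == AFFECTED_DEV_SERIES or v < FIXED_STABLE:
        return "vulnerable"
    return "patched"


def audit(inventory):
    """Map each host to its status; inventory is {host: version_string}."""
    return {host: cve_2020_36774_status(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {"dev-01": "glade 3.22.1", "dev-02": "1:3.38.2-1build1",
          "dev-03": "3.39.0", "dev-04": "3.38.0-2.fc33",
          "dev-05": "3.40", "dev-06": "not installed"}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since an unparseable string says nothing about whether Glade is installed or patched.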

Conclusion

CVE-2020-36774 is a significant vulnerability in GNOME Glade that can be exploited to cause a Denial of Service (DoS) attack on the application. It is crucial for users to understand the risk associated with this exploit and immediately update their GNOME Glade installation to the latest patched version - 3.38.1 or 3.40.. By effectively mitigating this vulnerability, UI developers can continue using the Glade application with confidence, knowing that their work is protected from potential attacks.

Timeline

Published on: 02/19/2024 02:15:00 UTC
Last modified on: 02/20/2024 19:50:00 UTC