CVE-2020-36774 - Vulnerability Details - OpenCVE

plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:gnome:glade::::::::
	cpe:2.3:a:gnome:glade::::::::

No data.

No data.

Project Subscriptions

Vendors	Products
Gnome Subscribe	Glade Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17
https://gitlab.gnome.org/GNOME/glade/-/issues/479
https://nvd.nist.gov/vuln/detail/CVE-2020-36774
https://www.cve.org/CVERecord?id=CVE-2020-36774

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00018}`	epss `{'score': 0.00026}`

Wed, 07 May 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gnome Gnome glade
CPEs		cpe:2.3:a:gnome:glade::::::::
Vendors & Products		Gnome Gnome glade

Wed, 04 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-664
Metrics	cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-19T00:00:00

Updated: 2024-09-04T14:43:46.338Z

Reserved: 2024-02-19T00:00:00

Link: CVE-2020-36774

Vulnrichment

Updated: 2024-08-04T17:37:07.214Z

NVD

Status : Analyzed

Published: 2024-02-19T02:15:47.690

Modified: 2025-05-07T12:26:41.657

Link: CVE-2020-36774

Redhat

Severity : Low

Publid Date: 2024-02-19T00:00:00Z

Links: CVE-2020-36774 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-36774", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-04T14:43:46.338Z", "dateReserved": "2024-02-19T00:00:00", "datePublished": "2024-02-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-19T01:10:56.954921"}, "descriptions": [{"lang": "en", "value": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.214Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-664", "lang": "en", "description": "CWE-664 Improper Control of a Resource Through its Lifetime"}]}], "affected": [{"vendor": "gnome", "product": "glade", "cpes": ["cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.38.1", "versionType": "custom"}, {"version": "3.39.0", "status": "affected", "lessThan": "3.40.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T14:39:16.571484Z", "id": "CVE-2020-36774", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:43:46.338Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479", "tags": ["x_transferred"]}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.214Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-36774", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T14:39:16.571484Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*"], "vendor": "gnome", "product": "glade", "versions": [{"status": "affected", "version": "0", "lessThan": "3.38.1", "versionType": "custom"}, {"status": "affected", "version": "3.39.0", "lessThan": "3.40.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-664", "description": "CWE-664 Improper Control of a Resource Through its Lifetime"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:43:36.426Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}, {"url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}], "descriptions": [{"lang": "en", "value": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-19T01:10:56.954921"}}}, "cveMetadata": {"cveId": "CVE-2020-36774", "state": "PUBLISHED", "dateUpdated": "2024-09-04T14:43:46.338Z", "dateReserved": "2024-02-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B73ECE1-9724-4939-8C18-E7FC122340D4", "versionEndExcluding": "3.38.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnome:glade:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA444AE8-4A62-4C66-A8A1-F7A65C6C681A", "versionEndExcluding": "3.40.0", "versionStartIncluding": "3.39.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash)."}, {"lang": "es", "value": "plugins/gtk+/glade-gtk-box.c en GNOME Glade anterior a 3.38.1 y 3.39.x anterior a 3.40.0 maneja mal la reconstrucci\u00f3n de widgets para GladeGtkBox, lo que provoca una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n)."}], "id": "CVE-2020-36774", "lastModified": "2025-05-07T12:26:41.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-19T02:15:47.690", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://gitlab.gnome.org/GNOME/glade/-/issues/479"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-664"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "glade: segmentation fault in glade_gtk_box_post_create()", "id": "2264839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264839"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-20", "details": ["plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).", "A flaw was found in Glade, where the glade_gtk_box_post_create() function in plugins/gtk+/glade-gtk-box.c mishandled widget rebuilding for GladeGtkBox, potentially leading to an application crash. This flaw allows a malicious user to cause a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-36774", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "glade3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "glade", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "glade3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "glade", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "glade", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-36774\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36774"], "statement": "The identified flaw in Glade, specifically within the glade_gtk_box_post_create() function, is assessed as a low-severity issue rather than a moderate one due to several factors. Firstly, the flaw primarily manifests as a potential application crash, which, while disruptive, does not directly lead to the execution of arbitrary code or compromise of sensitive data. Additionally, exploitation of the vulnerability requires the ability to manipulate the Glade environment, limiting its practical impact to scenarios where the attacker already has sufficient access to the system. Furthermore, the flaw is constrained to a specific function within the GTK+ plugin for Glade, reducing its overall scope and potential for widespread impact across the application.", "threat_severity": "Low"}