nautilus: CVE-2022-37290 #4579

CamberLoid · 2023-06-14T07:26:30Z

CVE IDs

CVE-2022-37290

Other security advisory IDs

Ubuntu: https://ubuntu.com/security/notices/USN-5786-1

Description

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
See also:

Patches

https://gitlab.gnome.org/GNOME/nautilus/-/commit/75992c6797094413a546c5b4867b13450b2a1959
Or, update to 43.x, which may require the entire gnome update to 43

PoC(s)

N/A

Notes

This is a CVE with low severity. Processing of this will be squashed to the upcoming Roll-up topic

* Fix #4579 Signed-off-by: Camber Huang <camber@poi.science>

CamberLoid added the security Topic/issue involves a security issue/fixed label Jun 14, 2023

CamberLoid added this to the Semi-Annually Security Survey 2023H1 milestone Jun 14, 2023

CamberLoid mentioned this issue Jun 15, 2023

Semi-Annually Security Survey Tracker, 2023H1 #4575

Open

CamberLoid added the 2023H1 label Jun 15, 2023

CamberLoid self-assigned this Jul 12, 2023

CamberLoid added a commit that referenced this issue Jul 12, 2023

nautilus: fix CVE-2022-37290 by adapting upstream patch

2593a93

* Fix #4579 Signed-off-by: Camber Huang <camber@poi.science>

MingcongBai removed this from the Semi-Annually Security Survey 2023H1 milestone Mar 4, 2024

MingcongBai removed the 2023h1 label Mar 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nautilus: CVE-2022-37290 #4579

nautilus: CVE-2022-37290 #4579

CamberLoid commented Jun 14, 2023 •

edited

Loading

nautilus: CVE-2022-37290 #4579

nautilus: CVE-2022-37290 #4579

Comments

CamberLoid commented Jun 14, 2023 • edited Loading

CVE IDs

Other security advisory IDs

Description

Patches

PoC(s)

Notes

CamberLoid commented Jun 14, 2023 •

edited

Loading