CVE-2020-12825 - OpenCVE

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnome	Libcroco
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:gnome:libcroco:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
libcroco-0:0.6.12-6.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:4072	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
libcroco-0:0.6.12-4.el8_2.1	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:3654	2020-09-08T00:00:00Z

References

Link	Providers
http://www.openwall.com/lists/oss-security/2020/08/13/3
http://www.openwall.com/lists/oss-security/2020/09/08/3
https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
https://nvd.nist.gov/vuln/detail/CVE-2020-12825
https://security.gentoo.org/glsa/202208-33
https://www.cve.org/CVERecord?id=CVE-2020-12825

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-12T17:30:57

Updated: 2024-08-04T12:04:22.885Z

Reserved: 2020-05-12T00:00:00

Link: CVE-2020-12825

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-05-12T18:15:13.553

Modified: 2022-10-27T01:04:45.603

Link: CVE-2020-12825

Redhat

Severity : Moderate

Publid Date: 2020-05-12T00:00:00Z

Links: CVE-2020-12825 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-21T04:08:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gitlab.gnome.org/GNOME/libcroco/-/issues/8"}, {"name": "[oss-security] 20200813 Re: Re: [FD] libcroco multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/08/13/3"}, {"name": "[oss-security] 20200908 Re: Re: [FD] libcroco multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/09/08/3"}, {"name": "GLSA-202208-33", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-33"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12825", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gitlab.gnome.org/GNOME/libcroco/-/issues/8", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libcroco/-/issues/8"}, {"name": "[oss-security] 20200813 Re: Re: [FD] libcroco multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/08/13/3"}, {"name": "[oss-security] 20200908 Re: Re: [FD] libcroco multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/09/08/3"}, {"name": "GLSA-202208-33", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-33"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:04:22.885Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gitlab.gnome.org/GNOME/libcroco/-/issues/8"}, {"name": "[oss-security] 20200813 Re: Re: [FD] libcroco multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/08/13/3"}, {"name": "[oss-security] 20200908 Re: Re: [FD] libcroco multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/09/08/3"}, {"name": "GLSA-202208-33", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-33"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12825", "datePublished": "2020-05-12T17:30:57", "dateReserved": "2020-05-12T00:00:00", "dateUpdated": "2024-08-04T12:04:22.885Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:libcroco:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7943D0F-E836-4161-B0F2-23148B4FC0FF", "versionEndIncluding": "0.6.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption."}, {"lang": "es", "value": "libcroco versiones hasta 0.6.13, presenta una recursi\u00f3n excesiva en la funci\u00f3n cr_parser_parse_any_core en el archivo cr-parser.c, conllevando a un consumo de la pila."}], "id": "CVE-2020-12825", "lastModified": "2022-10-27T01:04:45.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-12T18:15:13.553", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/08/13/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/09/08/3"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/libcroco/-/issues/8"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-33"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4072", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libcroco-0:0.6.12-6.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:3654", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libcroco-0:0.6.12-4.el8_2.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-09-08T00:00:00Z"}], "bugzilla": {"description": "libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c", "id": "1835377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1835377"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-674->CWE-121", "details": ["libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.", "A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "To mitigate this flaw as it applies to gnome-shell, do not install untrusted gnome-shell extensions or themes. Red Hat Enterprise Linux does not ship with gnome-shell themes that will trigger this vulnerability. To mitigate this flaw as it applies to inkscape, do not open untrusted CSS in inkscape."}, "name": "CVE-2020-12825", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "libcroco", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gettext", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "impact": "low", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libcroco", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gettext", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "impact": "low", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gettext", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "impact": "low", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "libcroco", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-05-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12825\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12825"], "statement": "While Red Hat Enterprise Linux 6, 7 and 8 ship versions of `libcroco` that are vulnerable to this flaw, the packages which use this library as a dependency would require a user to open a malicious file locally for exploitation. Opening such a file may result in a temporary crash of the application. See below for more detailed information:\n* Red Hat Enterprise Linux 8 - `libcroco` is a runtime dependency of `gnome-shell`, `gettext` and `inkscape`.\n* Red Hat Enterprise Linux 7 - `libcroco` is a runtime dependency of `gnome-shell`, `gettext`, `librsvg2` and `inkscape`.\n* Red Hat Enterprise Linux 6 - `libcroco` is required by `firefox` to bundle `gtk3` but `firefox` does not use `libcroco` as its CSS parsing engine or provide gtk3 to other packages, and thus not affected. `libcroco` is a runtime dependency of `inkscape`, `librsvg2` and `gettext`.\nThis flaw has only been demonstrated to cause a crash, but if there is any concern of further exploitation beyond that, Red Hat Enterprise Linux 6, 7, and 8 packages are built with a stack protector and stack ASLR which would significantly reduce the likelihood of further exploitation.", "threat_severity": "Moderate"}