CVE-2022-37290

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
gnomenautilus
42.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nautilus
bookworm
43.2-1
fixed
bullseye
unimportant
sid
47.0-2
fixed
trixie
47.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
caja
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
nautilus
bionic
Fixed 1:3.26.4-0~ubuntu18.04.6
released
focal
Fixed 1:3.36.3-0ubuntu1.20.04.2
released
jammy
Fixed 1:42.2-0ubuntu2.1
released
kinetic
Fixed 1:43.0-1ubuntu2.1
released
lunar
Fixed 1:44~alpha-0ubuntu1
released
mantic
Fixed 1:44~alpha-0ubuntu1
released
noble
Fixed 1:44~alpha-0ubuntu1
released
trusty
ignored
xenial
not-affected
nemo
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gnome-shell-search-provider-nautilus
suse enterprise desktop 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise desktop 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise sap 12 SP5
3.20.3-23.15.1
fixed
suse enterprise sap 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise sap 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise server 12 SP3
3.20.3-23.15.1
fixed
suse enterprise server 12 SP5
3.20.3-23.15.1
fixed
suse enterprise server 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise server 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP7
45.2.1-150600.1.4
fixed
libnautilus-extension1
suse enterprise desktop 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP6
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP7
41.5-150400.3.6.1
fixed
suse enterprise sap 12 SP5
3.20.3-23.15.1
fixed
suse enterprise sap 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise sap 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP6
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP7
41.5-150400.3.6.1
fixed
suse enterprise server 12 SP3
3.20.3-23.15.1
fixed
suse enterprise server 12 SP5
3.20.3-23.15.1
fixed
suse enterprise server 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise server 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP6
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP7
41.5-150400.3.6.1
fixed
libnautilus-extension4
suse enterprise desktop 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise desktop 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP7
45.2.1-150600.1.4
fixed
nautilus
suse enterprise desktop 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise desktop 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise sap 12 SP5
3.20.3-23.15.1
fixed
suse enterprise sap 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise sap 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise server 12 SP3
3.20.3-23.15.1
fixed
suse enterprise server 12 SP5
3.20.3-23.15.1
fixed
suse enterprise server 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise server 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP7
45.2.1-150600.1.4
fixed
nautilus-devel
suse enterprise desktop 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise desktop 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise sap 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise server 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP7
45.2.1-150600.1.4
fixed
nautilus-lang
suse enterprise desktop 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise desktop 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise sap 12 SP5
3.20.3-23.15.1
fixed
suse enterprise sap 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise sap 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise server 12 SP3
3.20.3-23.15.1
fixed
suse enterprise server 12 SP5
3.20.3-23.15.1
fixed
suse enterprise server 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise server 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP7
45.2.1-150600.1.4
fixed
typelib-1_0-Nautilus-3_0
suse enterprise desktop 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise desktop 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise desktop 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise sap 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise sap 15 SP5
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP3
3.34.3-150200.4.6.1
fixed
suse enterprise server 15 SP4
41.5-150400.3.6.1
fixed
suse enterprise server 15 SP5
41.5-150400.3.6.1
fixed
typelib-1_0-Nautilus-4_0
suse enterprise desktop 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise desktop 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise sap 15 SP7
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP6
45.2.1-150600.1.4
fixed
suse enterprise server 15 SP7
45.2.1-150600.1.4
fixed
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376
https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001
https://gitlab.gnome.org/GNOME/nautilus/-/tree/master
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PX5CVF4FAHFA6UNKHFBBLOP2NUMIQJAY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYPDZ7LBBUVU3WFK7DCGDFGK2GXTKGT5/
https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376
https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001
https://gitlab.gnome.org/GNOME/nautilus/-/tree/master
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PX5CVF4FAHFA6UNKHFBBLOP2NUMIQJAY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYPDZ7LBBUVU3WFK7DCGDFGK2GXTKGT5/