CVE-2024-6655 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7 HIGH	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
redhat	CNA	7 HIGH	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Debian Releases

Debian Product

Codename

gtk+2.0

bullseye	2.24.33-2+deb11u1 fixed
bookworm	2.24.33-2+deb12u1 fixed
trixie	2.24.33-7 fixed
forky	2.24.33-9 fixed
sid	2.24.33-9 fixed

gtk+3.0

bullseye	3.24.24-4+deb11u4 fixed
bookworm	3.24.38-2~deb12u3 fixed
trixie	3.24.49-3 fixed
forky	3.24.51-1 fixed
sid	3.24.51-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gtk+2.0

questing	Fixed 2.24.33-5ubuntu1 released
plucky	Fixed 2.24.33-5ubuntu1 released
oracular	Fixed 2.24.33-5ubuntu1 released
noble	Fixed 2.24.33-4ubuntu1.1 released
mantic	ignored
jammy	Fixed 2.24.33-2ubuntu2.1 released
focal	Fixed 2.24.32-4ubuntu4.1 released
bionic	needs-triage
xenial	needs-triage

gtk+3.0

questing	Fixed 3.24.43-1ubuntu1 released
plucky	Fixed 3.24.43-1ubuntu1 released
oracular	Fixed 3.24.43-1ubuntu1 released
noble	Fixed 3.24.41-4ubuntu1.1 released
mantic	ignored
jammy	Fixed 3.24.33-1ubuntu2.2 released
focal	Fixed 3.24.20-0ubuntu1.2 released
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

https://access.redhat.com/errata/RHSA-2024:6963

https://access.redhat.com/errata/RHSA-2024:9184

https://access.redhat.com/security/cve/CVE-2024-6655

https://bugzilla.redhat.com/show_bug.cgi?id=2297098

https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0

https://www.openwall.com/lists/oss-security/2024/09/09/1

http://www.openwall.com/lists/oss-security/2024/09/09/1

https://access.redhat.com/security/cve/CVE-2024-6655

https://bugzilla.redhat.com/show_bug.cgi?id=2297098

https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7361/diffs?commit_id=3bbf0b6176d42836d23c36a6ac410e807ec0a7a7#diff-content-e3fbe6480add9420b69f82374fb26ccac2c015a0