Bug 2149911 (CVE-2022-37290) - CVE-2022-37290 nautilus: NULL pointer dereference via pasting crafted zip file
Summary: CVE-2022-37290 nautilus: NULL pointer dereference via pasting crafted zip file
Keywords:
Status: NEW
Alias: CVE-2022-37290
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2149912 2150021 2150022 2150023
Blocks: 2149914
Reported: 2022-12-01 11:21 UTC by Marian Rehak
Modified: 2023-07-07 08:30 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference was found in the Nautilus package. This issue may lead to a crash via a pasted ZIP archive.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Marian Rehak 2022-12-01 11:21:52 UTC
A NULL pointer dereference via a pasted ZIP archive may result in an application crash.

Reference:

https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376
https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001

Comment 1 Marian Rehak 2022-12-01 11:22:12 UTC
Created nautilus tracking bugs for this issue:

Affects: fedora-all [bug 2149912]

Comment 2 Marian Rehak 2022-12-01 15:05:08 UTC
It was introduced during Nautilus 2.20 with commit https://gitlab.gnome.org/GNOME/nautilus/-/commit/469047a2a58430026d68a3b99b223b922b18b8d1

Comment 4 Marian Rehak 2022-12-02 12:36:44 UTC
Changed severity rating to Low because "A successful exploit would give minimal consequences", see [1].

[1]   https://access.redhat.com/security/updates/classification

Comment 5 Fedora Update System 2023-01-25 02:35:19 UTC
FEDORA-2023-f81ad89b81 has been pushed to the Fedora 36 stable repository.
If the problem still persists, please make a note of it in this bug report.

