CVE-2019-13351
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor.
El archivo posix/JackSocket.cpp en libjack en JACK2 versión 1.9.1 hasta 1.9.12 (tal como es distribuido con alsa-plugins versión 1.1.7 y posteriores), presenta un problema de "double file descriptor close" durante un intento de conexión fallida cuando jackd2 no está ejecutándose. El éxito de la explotación depende de la sincronización de multihilado de ese cierre doble, que puede resultar en la divulgación de información no deseada, bloqueos, o corrupción del archivo debido a que el archivo incorrecto está asociado con el descriptor de archivo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-05 CVE Reserved
- 2019-07-05 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/xbmc/xbmc/issues/16258 | 2024-08-04 |
URL | Date | SRC |
---|---|---|
https://github.com/jackaudio/jack2/pull/480 | 2020-08-24 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Jackaudio Search vendor "Jackaudio" | Jack2 Search vendor "Jackaudio" for product "Jack2" | >= 1.9.1 <= 1.9.12 Search vendor "Jackaudio" for product "Jack2" and version " >= 1.9.1 <= 1.9.12" | - |
Affected
| ||||||
Alsa-project Search vendor "Alsa-project" | Alsa Search vendor "Alsa-project" for product "Alsa" | <= 1.1.7 Search vendor "Alsa-project" for product "Alsa" and version " <= 1.1.7" | - |
Affected
|