CVE-2020-36774: 
NixOS vulnerability analysis and mitigation

CVE-2020-36774 affects GNOME Glade versions before 3.38.1 and 3.39.x before 3.40.0. The vulnerability exists in the plugins/gtk+/glade-gtk-box.c file where improper widget rebuilding for GladeGtkBox can lead to a denial of service through application crashes (NVD, GNOME Gitlab).

The vulnerability stems from improper handling of widget rebuilding in the GladeGtkBox component. Specifically, the issue occurs when widgets with construct properties, such as GtkMessageDialog, get rebuilt right after creation during project loading. The code incorrectly checked GLADE_CREATE_LOAD instead of using glade_project_is_loading() and failed to properly handle object disconnection during rebuilding (GNOME Commit). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a denial of service condition through application crashes. The issue manifests when attempting to open certain UI files in the Glade application, causing immediate application termination (GNOME Gitlab).

The vulnerability has been fixed in GNOME Glade versions 3.38.1 and 3.40.0. The fix involves properly checking glade_project_is_loading() instead of GLADE_CREATE_LOAD and ensuring correct object disconnection during widget rebuilding (GNOME Commit).