CVE-2014-2980

EUVD-2014-3002
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
gnustepbase
𝑥
≤ 1.24.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gnustep-base
bookworm
1.28.1+really1.28.0-5
fixed
bullseye
1.27.0-3
fixed
sid
1.30.0-8
fixed
squeeze
no-dsa
trixie
1.30.0-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnustep-base
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
ignored
precise
ignored
quantal
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q2/143
http://seclists.org/oss-sec/2014/q2/152
http://secunia.com/advisories/58104
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756
http://www.securityfocus.com/bid/66992
https://exchange.xforce.ibmcloud.com/vulnerabilities/92688
https://savannah.gnu.org/bugs/?41751
http://seclists.org/oss-sec/2014/q2/143
http://seclists.org/oss-sec/2014/q2/152
http://secunia.com/advisories/58104
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756
http://www.securityfocus.com/bid/66992
https://exchange.xforce.ibmcloud.com/vulnerabilities/92688
https://savannah.gnu.org/bugs/?41751