Vulnerability Details : CVE-2014-2980
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-2980
- cpe:2.3:a:gnustep:base:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2980
- 1.27%: Probability of exploitation activity in the next 30 days
- ~84%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2980
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-2980
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2980
- http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756
  404 Not Found
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92688
  GNUStep Base gdomap denial of service CVE-2014-2980 Vulnerability Report
- https://savannah.gnu.org/bugs/?41751
  GNUstep - Bugs: bug #41751, gdomap's usage of syslog fails [Savannah]
- http://www.securityfocus.com/bid/66992
  gdomap Remote Denial of Service Vulnerability
- http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756
  404 Not Found [Exploit; Patch]
- http://seclists.org/oss-sec/2014/q2/152
  oss-sec: Re: CVE request / advisory: gdomap (GNUstep core package <= 1.24.6)
- http://seclists.org/oss-sec/2014/q2/143
  oss-sec: CVE request / advisory: gdomap (GNUstep core package <= 1.24.6)