CVE-2010-1620 - OpenCVE

Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnustep	Gnustep Base

Configuration 1 [-]

OR	cpe:2.3:a:gnustep:gnustep_base::::::::
	cpe:2.3:a:gnustep:gnustep_base:1.11.2:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.12.0:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.13.0:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.14.0:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.15.0:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.15.1:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.15.2:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.15.4:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.17.0:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.18.0:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.19.0:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.19.1:::::::*
	cpe:2.3:a:gnustep:gnustep_base:1.19.2:::::::*

No data.

References

Link	Providers
http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz
http://marc.info/?l=oss-security&m=127324274005709&w=2
http://marc.info/?l=oss-security&m=127325778527537&w=2
http://savannah.gnu.org/bugs/?29755
http://secunia.com/advisories/39746
http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-05-12T01:00:00Z

Updated: 2024-08-07T01:28:42.096Z

Reserved: 2010-04-29T00:00:00Z

Link: CVE-2010-1620

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-05-12T11:46:51.080

Modified: 2010-05-12T21:07:08.467

Link: CVE-2010-1620

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2010-05-12T01:00:00Z"}, "references": [{"name": "39746", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39746"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://savannah.gnu.org/bugs/?29755"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz"}, {"name": "[oss-security] 20100507 Re: CVE Assignment (gnustep)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127325778527537&w=2"}, {"name": "[oss-security] 20100507 Re: CVE Assignment (gnustep)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127324274005709&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:28:42.096Z"}, "title": "CVE Program Container", "references": [{"name": "39746", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39746"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://savannah.gnu.org/bugs/?29755"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz"}, {"name": "[oss-security] 20100507 Re: CVE Assignment (gnustep)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127325778527537&w=2"}, {"name": "[oss-security] 20100507 Re: CVE Assignment (gnustep)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127324274005709&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1620", "state": "PUBLISHED", "dateReserved": "2010-04-29T00:00:00Z", "datePublished": "2010-05-12T01:00:00Z", "dateUpdated": "2024-08-07T01:28:42.096Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnustep:gnustep_base:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D419B9A-A8AB-402E-8CC6-CF7475712052", "versionEndIncluding": "1.19.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "86EAF8AB-DF06-4E78-864A-AABB609E16A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D19B51A-B4E1-4918-B66C-CAADBDCC7E1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDED7FD1-D215-4A7B-8AB5-5AE0768F4D70", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE32DE90-EF3F-4BB5-9F88-A9AB81B0C9EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7A123E2-1929-42F2-89A4-B7F72ED1A9FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAC64F8D-670C-4148-A75A-BFE612CA2A33", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "A90755C5-7070-4143-834F-FACDFFE4668E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1B5EE26C-539D-4B5D-9781-1A45C74A1F35", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DB4A798-E17F-4269-91CC-DD41448A12C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "C79ABFE1-9A5E-4A20-B977-D203854BBC0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5AFAEDC-5517-4B20-B461-A841183246C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD0DF768-8DDB-44AB-A17D-D095A11BDCC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnustep:gnustep_base:1.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "45AB091A-B185-4404-B022-A57E7780FE02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n load_iface en Tools/gdomap.c en gdomap en GNUstep Base antes de v1.20.0 podr\u00eda permitir ejecutar c\u00f3digo arbitrario a atacantes (seg\u00fan contexto) a trav\u00e9s de un (1) archivo o un (2) socket que proporcione datos de configuraci\u00f3n con muchas entradas, lo que provoca un desbordamiento de b\u00fafer basado en mont\u00edculo.\r\n\r\n"}], "id": "CVE-2010-1620", "lastModified": "2010-05-12T21:07:08.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-12T11:46:51.080", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127324274005709&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127325778527537&w=2"}, {"source": "secalert@redhat.com", "url": "http://savannah.gnu.org/bugs/?29755"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39746"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}