CVE-2010-1620 : Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow contex

Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow.

Published 2010-05-12 11:46:51

Updated 2010-05-12 21:07:08

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2010-1620

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-1620

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-1620

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-1620

http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336

Exploit

CVEs referencing this url
http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz

Patch

CVEs referencing this url
http://marc.info/?l=oss-security&m=127324274005709&w=2

'Re: [oss-security] CVE Assignment (gnustep)' - MARC
http://savannah.gnu.org/bugs/?29755

GNUstep - Bugs: Exiting with Error [Savannah]

CVEs referencing this url
https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108

Bug #573108 “gdomap multiple local information disclosure vulner...” : Bugs : gnustep-base package : Ubuntu
Exploit

CVEs referencing this url
http://marc.info/?l=oss-security&m=127325778527537&w=2

'Re: [oss-security] CVE Assignment (gnustep)' - MARC

Products affected by CVE-2010-1620

Gnustep » Gnustep Base
Versions up to, including, (<=) 1.19.3
cpe:2.3:a:gnustep:gnustep_base:*:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.19.1
cpe:2.3:a:gnustep:gnustep_base:1.19.1:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.15.0
cpe:2.3:a:gnustep:gnustep_base:1.15.0:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.13.0
cpe:2.3:a:gnustep:gnustep_base:1.13.0:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.12.0
cpe:2.3:a:gnustep:gnustep_base:1.12.0:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.11.2
cpe:2.3:a:gnustep:gnustep_base:1.11.2:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.18.0
cpe:2.3:a:gnustep:gnustep_base:1.18.0:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.17.0
cpe:2.3:a:gnustep:gnustep_base:1.17.0:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.15.4
cpe:2.3:a:gnustep:gnustep_base:1.15.4:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.15.2
cpe:2.3:a:gnustep:gnustep_base:1.15.2:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.19.2
cpe:2.3:a:gnustep:gnustep_base:1.19.2:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.19.0
cpe:2.3:a:gnustep:gnustep_base:1.19.0:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.15.1
cpe:2.3:a:gnustep:gnustep_base:1.15.1:*:*:*:*:*:*:*
Matching versions
Gnustep » Gnustep Base » Version: 1.14.0
cpe:2.3:a:gnustep:gnustep_base:1.14.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-1620

Exploit prediction scoring system (EPSS) score for CVE-2010-1620

CVSS scores for CVE-2010-1620

CWE ids for CVE-2010-1620

References for CVE-2010-1620

Products affected by CVE-2010-1620