CVE-2007-3381 — Improper Input Validation in GDM

CWE-20 — Improper Input Validation7 documents5 sources

Severity

1.5LOWNVD

EPSS

0.1%

top 76.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome GDM

Timeline

PublishedAug 7

Latest updateMay 1

Description

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 2.7 | Impact: 2.9

Affected Packages1 packages

▶NVDgnome/gdm2.14.12+34

🔴Vulnerability Details

GHSA

GHSA-gfgf-h5fj-26vx: The GDM daemon in GNOME Display Manager (GDM) before 2↗2022-05-01

▶

CVEList

CVE-2007-3381: The GDM daemon in GNOME Display Manager (GDM) before 2↗2007-08-07

▶

📋Vendor Advisories

Red Hat

Gdm denial of service↗2007-07-30

▶

💬Community

Bugzilla

CVE-2007-3381 Gdm denial of service↗2007-07-31

▶

Bugzilla

CVE-2007-3381 Gdm denial of service↗2007-07-31

▶

Bugzilla

CVE-2007-3381 Gdm denial of service↗2007-07-10

▶