CVE-2010-1620
Published 2010-05-12
CVE-2010-1620: Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute…
Priority P4 · 30 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.66% (47.0th percentile)
Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnustep-base | < gnustep-base 1.19.3-2 (bookworm) | gnustep-base 1.19.3-2 (bookworm) |
| gnustep | gnustep_base | <= 1.19.3 | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
| gnustep | gnustep_base | — | — |
CVSS provenance
nvd · v2.0 · 7.2 · HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
osv · 7.2 · HIGH
vendor_debian · 7.2 · HIGH
Debian
CVE-2010-1620: gnustep-base - Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUst...
vendor_debian·2010·CVSS 7.2
CVE-2010-1620 [HIGH] CVE-2010-1620: gnustep-base - Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUst...
Scope: local
bookworm: resolved (fixed in 1.19.3-2)
bullseye: resolved (fixed in 1.19.3-2)
forky: resolved (fixed in 1.19.3-2)
sid: resolved (fixed in 1.19.3-2)
trixie: resolved (fixed in 1.19.3-2)
GHSA
GHSA-3qjp-mpc4-r9xg: Integer overflow in the load_iface function in Tools/gdomap
ghsa_unreviewed·2022-05-17
CVE-2010-1620 [HIGH] GHSA-3qjp-mpc4-r9xg: Integer overflow in the load_iface function in Tools/gdomap
OSV
CVE-2010-1620: Integer overflow in the load_iface function in Tools/gdomap
osv·2010-05-12·CVSS 7.2
CVE-2010-1620 [HIGH] CVE-2010-1620: Integer overflow in the load_iface function in Tools/gdomap
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-1457 CVE-2010-1620 gnustep-base: multiple vulnerabilities in gdomap
bugzilla·2010-05-12·CVSS 4.9
CVE-2010-1457 [MEDIUM] CVE-2010-1457 CVE-2010-1620 gnustep-base: multiple vulnerabilities in gdomap
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1620 to
the following vulnerability:
Name: CVE-2010-1620
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1620
Assigned: 20100429
Reference: MLIST:[oss-security] 20100507 Re: CVE Assignment (gnustep)
Reference: URL: http://marc.info/?l=oss-security&m=127325778527537&w=2
Reference: MLIST:[oss-security] 20100507 Re: CVE Assignment (gnustep)
Reference: URL: http://marc.info/?l=oss-security&m=127324274005709&w=2
Reference: CONFIRM: http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz
Reference: CONFIRM: http://savannah.gnu.org/bugs/?29755
Reference: CONFIRM: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
Refe
Bugzilla
CVE-2010-1457 CVE-2010-1620 gnustep-base: multiple vulnerabilities in gdomap [fedora-all]
bugzilla·2010-05-12·CVSS 4.9
CVE-2010-1457 [MEDIUM] CVE-2010-1457 CVE-2010-1620 gnustep-base: multiple vulnerabilities in gdomap [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=591601
Please note: this issue
References
http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz
http://marc.info/?l=oss-security&m=127324274005709&w=2
http://marc.info/?l=oss-security&m=127325778527537&w=2
http://savannah.gnu.org/bugs/?29755
http://secunia.com/advisories/39746
http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108