CVE-2014-2980
published 2014-04-28CVE-2014-2980: Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
1.70%
74.3th percentile
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnustep-base | < gnustep-base 1.24.6-1 (bookworm) | gnustep-base 1.24.6-1 (bookworm) |
| gnustep | base | <= 1.24.6 | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
GNUstep Base 1.24.6 Daemon Mode input validation (Nessus ID 79973 / XFDB-92688)
vuldb·2026-05-12·CVSS 4.3
CVE-2014-2980 [MEDIUM] GNUstep Base 1.24.6 Daemon Mode input validation (Nessus ID 79973 / XFDB-92688)
A vulnerability, which was classified as problematic, was found in GNUstep Base 1.24.6. This vulnerability affects unknown code of the component Daemon Mode. Such manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2014-2980. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-x7c6-24q2-hp35: Tools/gdomap
ghsa_unreviewed·2022-05-17
CVE-2014-2980 [MEDIUM] CWE-20 GHSA-x7c6-24q2-hp35: Tools/gdomap
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.
OSV
CVE-2014-2980: Tools/gdomap
osv·2014-04-28·CVSS 4.3
CVE-2014-2980 [MEDIUM] CVE-2014-2980: Tools/gdomap
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.
Debian
CVE-2014-2980: gnustep-base - Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon ...
vendor_debian·2014·CVSS 4.3
CVE-2014-2980 [MEDIUM] CVE-2014-2980: gnustep-base - Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon ...
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.
Scope: local
bookworm: resolved (fixed in 1.24.6-1)
bullseye: resolved (fixed in 1.24.6-1)
forky: resolved (fixed in 1.24.6-1)
sid: resolved (fixed in 1.24.6-1)
trixie: resolved (fixed in 1.24.6-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service [fedora-all]
bugzilla·2014-04-22·CVSS 4.3
CVE-2014-2980 [MEDIUM] CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service [fedora-all]
CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Pleas
Bugzilla
CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service
bugzilla·2014-04-22·CVSS 4.3
CVE-2014-2980 [MEDIUM] CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service
CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service
A flaw was found in the way GNUstep's gdomap (GNUstep Distributed Objects nameserver) handled logging. A remote attacker could send a crafted request to gdomap that would cause gdomap to abort. This issue affects version 1.24.6 and earlier versions.
Upstream bug: https://savannah.gnu.org/bugs/?41751
Upstream patch: http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756
References:
http://seclists.org/oss-sec/2014/q2/143
Discussion:
Created gnustep-base tracking bugs for this issue:
Affects: fedora-all [bug 1089858]
Affects: epel-6 [bug 1089859]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a packa
Bugzilla
CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service [epel-6]
bugzilla·2014-04-22·CVSS 4.3
CVE-2014-2980 [MEDIUM] CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service [epel-6]
CVE-2014-2980 gnustep-base: incorrect log handling leading to gdomap denial of service [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel
http://seclists.org/oss-sec/2014/q2/143http://seclists.org/oss-sec/2014/q2/152http://secunia.com/advisories/58104http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756http://www.securityfocus.com/bid/66992https://exchange.xforce.ibmcloud.com/vulnerabilities/92688https://savannah.gnu.org/bugs/?41751http://seclists.org/oss-sec/2014/q2/143http://seclists.org/oss-sec/2014/q2/152http://secunia.com/advisories/58104http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756http://www.securityfocus.com/bid/66992https://exchange.xforce.ibmcloud.com/vulnerabilities/92688https://savannah.gnu.org/bugs/?41751
2014-04-28
Published