CVE-2003-0794

2003-11-1705:00:00

[email protected]

web.nvd.nist.gov

gdm

denial of service

cve-2003-0794

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.

Affected configurations

NVD

Node

gnomegdmMatch2.2.5.4

gnomegdmMatch2.4.1

gnomegdmMatch2.4.1.1

gnomegdmMatch2.4.1.2

gnomegdmMatch2.4.1.3

gnomegdmMatch2.4.1.4

gnomegdmMatch2.4.1.5

gnomegdmMatch2.4.1.6

gnomegdmMatch2.4.4

CPENameOperatorVersion
gnome:gdmgnome gdmeq2.2.5.4
gnome:gdmgnome gdmeq2.4.1
gnome:gdmgnome gdmeq2.4.1.1
gnome:gdmgnome gdmeq2.4.1.2
gnome:gdmgnome gdmeq2.4.1.3
gnome:gdmgnome gdmeq2.4.1.4
gnome:gdmgnome gdmeq2.4.1.5
gnome:gdmgnome gdmeq2.4.1.6
gnome:gdmgnome gdmeq2.4.4

CPE	Name	Operator	Version
gnome:gdm	gnome gdm	eq	2.2.5.4
gnome:gdm	gnome gdm	eq	2.4.1
gnome:gdm	gnome gdm	eq	2.4.1.1
gnome:gdm	gnome gdm	eq	2.4.1.2
gnome:gdm	gnome gdm	eq	2.4.1.3
gnome:gdm	gnome gdm	eq	2.4.1.4
gnome:gdm	gnome gdm	eq	2.4.1.5
gnome:gdm	gnome gdm	eq	2.4.1.6
gnome:gdm	gnome gdm	eq	2.4.4