Описание
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00083
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
почти 22 года назад
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...
github
больше 3 лет назад
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results.
EPSS
Процентиль: 25%
0.00083
Низкий
2.1 Low
CVSS2
Дефекты
NVD-CWE-Other