Gnustep · Gnustep-Base · CVE-2010-1620
**Name of the Vulnerable Software and Affected Versions**
GNUstep Base versions prior to 1.20.0
GNUstep Base versions prior to 1.20.1
**Description**
The issue is an integer overflow in the load_iface function in Tools/gdomap.c in gdomap, which might allow attackers to execute arbitrary code via a file or socket that provides configuration data with many entries, leading to a heap-based buffer overflow. Additionally, multiple vulnerabilities in the gnustep-base package can lead to violations of confidentiality, integrity, and availability of protected information; these can be exploited locally.
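The bug class described above (an entry count multiplied by an element size, wrapping to an undersized heap allocation), shown as an added example that is not code from gdomap or GNUstep Base. The `iface_entry` structure, the function names, the 1024-entry cap and the sample count are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-interface record (assumption; not gdomap's own type). */
struct iface_entry {
    uint32_t addr;
    uint32_t mask;
    uint32_t bcast;
};

/* Weak form: the byte count is computed in 32-bit arithmetic, so a large
 * entry count wraps around and yields a buffer far smaller than needed. */
uint32_t unchecked_table_bytes(uint32_t count)
{
    return count * (uint32_t)sizeof(struct iface_entry);
}

/* Hardened form: reject counts above a sane cap and any count whose
 * product with the element size cannot be represented in size_t. */
int checked_table_bytes(uint32_t count, uint32_t max_entries, size_t *out)
{
    if (count == 0 || count > max_entries)
        return -1;
    if (count > SIZE_MAX / sizeof(struct iface_entry))
        return -1;
    *out = (size_t)count * sizeof(struct iface_entry);
    return 0;
}

/* Allocate a zeroed table only after the count has passed validation. */
struct iface_entry *alloc_iface_table(uint32_t count, uint32_t max_entries)
{
    size_t bytes;
    if (checked_table_bytes(count, max_entries, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t claimed = 357913942u;  /* constructed sample count */
    printf("unchecked bytes: %u\n", (unsigned)unchecked_table_bytes(claimed));
    printf("checked alloc:   %s\n",
           alloc_iface_table(claimed, 1024) ? "allocated" : "rejected");
    return 0;
}
```

With the constructed count, the unchecked computation asks for 8 bytes for what the input claims are hundreds of millions of entries, while the checked path refuses the allocation.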
**Recommendations**
For versions prior to 1.20.0, update to version 1.20.0 or later.
For versions prior to 1.20.1, update to version 1.20.1 or later.
As a temporary workaround, consider restricting access to the load_iface function in Tools/gdomap.c until a patch is available.