PT-2010-1148 · Gnustep · Gnustep-Base
Dan Rosenberg +1 · Published 2010-05-12 · Updated 2014-01-20 · CVE-2010-1620
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
GNUstep Base versions prior to 1.20.0
GNUstep Base versions prior to 1.20.1
Description
The issue is an integer overflow in the load_iface function in Tools/gdomap.c in gdomap, which might allow attackers to execute arbitrary code via a file or socket that provides configuration data with many entries, leading to a heap-based buffer overflow. Additionally, there are multiple vulnerabilities in the gnustep-base package that can lead to violations of the confidentiality, integrity, and availability of protected information; these can be exploited locally.
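The bug class described above, shown as an added example that is not taken from gdomap or from this advisory: a size computed as entry count times entry size wraps around in 32-bit arithmetic, and a checked allocator rejects the same count. The struct, the function names, MAX_ENTRIES and the sample count are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-entry record (12 bytes); not gdomap's real structure. */
struct iface_entry {
    uint32_t addr;
    uint32_t mask;
    uint32_t bcast;
};

/* Constructed policy limit on entries accepted from configuration data. */
#define MAX_ENTRIES 4096u

/* The flawed pattern: the byte count is computed in 32-bit arithmetic, so a
 * large entry count wraps to a small value and the buffer is undersized. */
uint32_t naive_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(struct iface_entry);
}

/* Hardened form: validate the count before any multiplication happens.
 * Returns NULL for zero, over-limit or unrepresentable sizes. */
struct iface_entry *alloc_entries(size_t count)
{
    if (count == 0 || count > MAX_ENTRIES)
        return NULL;
    if (count > SIZE_MAX / sizeof(struct iface_entry))
        return NULL;
    return calloc(count, sizeof(struct iface_entry));
}

int main(void)
{
    uint32_t count = 0x15555556u;   /* constructed entry count */
    struct iface_entry *ok = alloc_entries(4);

    printf("naive size for %u entries: %u bytes\n",
           (unsigned)count, (unsigned)naive_alloc_size(count));
    printf("checked alloc for %u entries: %s\n", (unsigned)count,
           alloc_entries(count) ? "allocated" : "rejected");
    printf("checked alloc for 4 entries: %s\n", ok ? "allocated" : "rejected");
    free(ok);
    return 0;
}
```

The policy cap is what keeps a hostile count from reaching the allocator at all; the SIZE_MAX division check remains as a second guard if the cap is ever raised.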
Recommendations
For versions prior to 1.20.0, update to version 1.20.0 or later.
For versions prior to 1.20.1, update to version 1.20.1 or later.
As a temporary workaround, consider restricting access to the load_iface function in Tools/gdomap.c until a patch is available.
Exploit
Fix
Information Disclosure
Affected products
Gnustep-Base