// For flags

CVE-2014-8121

glibc: Unexpected closing of nss_files databases after lookups causes denial of service

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba correctamente si un archivo está abierto, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) realizando una búsqueda en una base de datos mientras itera sobre ella, lo que desencadena que el puntero al archivo sea reestablecido.

It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-10 CVE Reserved
  • 2015-03-05 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-11-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-17: DEPRECATED: Code
  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Suse
Search vendor "Suse"
 Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
 11
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "11"
sp3
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
 11
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "11"
sp4
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
 11.0
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0"
sp3
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
 11.0
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0"
sp3, vmware
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
 11.0
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0"
sp4
Affected
Gnu
Search vendor "Gnu"
 Glibc
Search vendor "Gnu" for product "Glibc"
 <= 2.21
Search vendor "Gnu" for product "Glibc" and version " <= 2.21"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected