CVE-2014-8121
glibc: Unexpected closing of nss_files databases after lookups causes denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba correctamente si un archivo está abierto, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) realizando una búsqueda en una base de datos mientras itera sobre ella, lo que desencadena que el puntero al archivo sea reestablecido.
It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-10 CVE Reserved
- 2015-03-05 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-17: DEPRECATED: Code
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/73038 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1165192 | 2024-08-06 | |
https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html | 2023-02-13 | |
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-0327.html | 2023-02-13 | |
http://www.debian.org/security/2016/dsa-3480 | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-2985-1 | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-2985-2 | 2023-02-13 | |
https://security.gentoo.org/glsa/201602-02 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2014-8121 | 2015-03-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Suse Search vendor "Suse" | Suse Linux Enterprise Desktop Search vendor "Suse" for product "Suse Linux Enterprise Desktop" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "11" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Suse Linux Enterprise Desktop Search vendor "Suse" for product "Suse Linux Enterprise Desktop" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "11" | sp4 |
Affected
| ||||||
Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0" | sp3, vmware |
Affected
| ||||||
Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11.0" | sp4 |
Affected
| ||||||
Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.21 Search vendor "Gnu" for product "Glibc" and version " <= 2.21" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
|