{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-23T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-30T18:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SU-2015:1424", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165192"}, {"name": "SUSE-SU-2016:0470", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"name": "USN-2985-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"name": "[libc-alpha] 20150223 [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html"}, {"name": "RHSA-2015:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0327.html"}, {"name": "73038", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73038"}, {"name": "DSA-3480", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3480"}, {"name": "USN-2985-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:50.918Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2015:1424", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165192"}, {"name": "SUSE-SU-2016:0470", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"name": "USN-2985-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"name": "GLSA-201602-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"name": "[libc-alpha] 20150223 [PATCH] CVE-2014-8121: Fix nss_files file management [BZ#18007]", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html"}, {"name": "RHSA-2015:0327", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0327.html"}, {"name": "73038", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/73038"}, {"name": "DSA-3480", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3480"}, {"name": "USN-2985-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8121", "datePublished": "2015-03-27T14:00:00.000Z", "dateReserved": "2014-10-10T00:00:00.000Z", "dateUpdated": "2024-08-06T13:10:50.918Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4BC592E-17CC-4DD4-8B2C-CFD99383649C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "E7A8195F-8126-47B7-8664-CF1EBF194BC6", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "7F622F0E-8D17-47E8-8F3C-A640C21544E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "103582CB-029E-4201-B391-897B49BE8DDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "9252BDA9-EC9D-49C7-8276-B3099CA75E05", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "57CAD5CA-C7C1-4567-8E5B-FCA4DA4D516D", "versionEndIncluding": "2.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset."}, {"lang": "es", "value": "DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (tambi\u00e9n conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba correctamente si un archivo est\u00e1 abierto, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) realizando una b\u00fasqueda en una base de datos mientras itera sobre ella, lo que desencadena que el puntero al archivo sea reestablecido."}], "id": "CVE-2014-8121", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-27T14:59:03.353", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0327.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3480"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/73038"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165192"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0327.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/73038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2985-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2985-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201602-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Robin Hack (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:0327", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "glibc-0:2.17-78.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "glibc: Unexpected closing of nss_files databases after lookups causes denial of service", "id": "1165192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165192"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-835", "details": ["DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", "It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service."], "name": "CVE-2014-8121", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2015-02-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8121\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8121"], "statement": "This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}

{}