CVE-2013-7273
CVE-2013-7273 is a low-severity vulnerability in Gnome Gnome Display Manager with a CVSS 2.0 base score of 2.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Low (CVSS 2.0 base score 2.1)
- EPSS exploit prediction: 0% (29th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Gnome Gnome Display Manager
- Published:
- Last modified:
Description
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
Frequently asked questions
- What is CVE-2013-7273?
- GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
- How severe is CVE-2013-7273?
- CVE-2013-7273 has a CVSS 2.0 base score of 2.1, rated low severity.
- Is CVE-2013-7273 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (29th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-7273?
- CVE-2013-7273 primarily affects Gnome Gnome Display Manager. In total, 16 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-7273?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2013-7273 published?
- CVE-2013-7273 was published on 2014-04-29 and last updated on 2026-06-17.
References
- http://www.openwall.com/lists/oss-security/2014/01/07/10
- http://www.openwall.com/lists/oss-security/2014/01/07/16
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338
- https://bugzilla.gnome.org/show_bug.cgi?id=704284
- https://bugzilla.redhat.com/show_bug.cgi?id=1050745
Affected products (16)
- cpe:2.3:a:gnome:gnome_display_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.1.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.3.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.3.92.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome_display_manager:3.4.0.1:*:*:*:*:*:*:*
More vulnerabilities in Gnome Gnome Display Manager
- CVE-2018-14424 — High (CVSS 7.8): The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are…
- CVE-2020-16125 — High (CVSS 7.2): gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service…
- CVE-2015-7496 — High (CVSS 7.2): GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding…
- CVE-2013-4169 — Medium (CVSS 6.9): GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a…
- CVE-2020-27837 — Medium (CVSS 6.4): A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it…
- CVE-2019-3825 — Medium (CVSS 6.3): A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could…