Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    48 vulnerabilities found for dbus by freedesktop

    CVE-2023-34969 (GCVE-0-2023-34969)

    Vulnerability from nvd – Published: 2023-06-08 00:00 – Updated: 2025-06-09 15:02
    VLAI
    Summary
    D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:17:04.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
              },
              {
                "name": "FEDORA-2023-d22162d9ba",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
              },
              {
                "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-11T19:00:29.894117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-404",
                    "description": "CWE-404 Improper Resource Shutdown or Release",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:02:51.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T19:06:18.886Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
            },
            {
              "name": "FEDORA-2023-d22162d9ba",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
            },
            {
              "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-34969",
        "datePublished": "2023-06-08T00:00:00.000Z",
        "dateReserved": "2023-06-08T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:02:51.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42012 (GCVE-0-2022-42012)

    Vulnerability from nvd – Published: 2022-10-09 00:00 – Updated: 2025-06-09 15:04
    VLAI
    Summary
    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
              },
              {
                "name": "FEDORA-2022-076544c8aa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
              },
              {
                "name": "FEDORA-2022-7a963a79d1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
              },
              {
                "name": "FEDORA-2022-b0c2f2ab74",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
              },
              {
                "name": "GLSA-202305-08",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-08"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42012",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-22T22:37:41.497410Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:04:43.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
            },
            {
              "name": "FEDORA-2022-076544c8aa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
            },
            {
              "name": "FEDORA-2022-7a963a79d1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
            },
            {
              "name": "FEDORA-2022-b0c2f2ab74",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
            },
            {
              "name": "GLSA-202305-08",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202305-08"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42012",
        "datePublished": "2022-10-09T00:00:00.000Z",
        "dateReserved": "2022-10-03T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:04:43.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42011 (GCVE-0-2022-42011)

    Vulnerability from nvd – Published: 2022-10-09 00:00 – Updated: 2025-06-09 15:05
    VLAI
    Summary
    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
              },
              {
                "name": "FEDORA-2022-076544c8aa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
              },
              {
                "name": "FEDORA-2022-7a963a79d1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
              },
              {
                "name": "FEDORA-2022-b0c2f2ab74",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
              },
              {
                "name": "GLSA-202305-08",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-08"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-24T17:41:31.784494Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-129",
                    "description": "CWE-129 Improper Validation of Array Index",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:05:41.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
            },
            {
              "name": "FEDORA-2022-076544c8aa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
            },
            {
              "name": "FEDORA-2022-7a963a79d1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
            },
            {
              "name": "FEDORA-2022-b0c2f2ab74",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
            },
            {
              "name": "GLSA-202305-08",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202305-08"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42011",
        "datePublished": "2022-10-09T00:00:00.000Z",
        "dateReserved": "2022-10-03T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:05:41.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42010 (GCVE-0-2022-42010)

    Vulnerability from nvd – Published: 2022-10-09 00:00 – Updated: 2025-06-09 15:06
    VLAI
    Summary
    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
              },
              {
                "name": "FEDORA-2022-076544c8aa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
              },
              {
                "name": "FEDORA-2022-7a963a79d1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
              },
              {
                "name": "FEDORA-2022-b0c2f2ab74",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
              },
              {
                "name": "GLSA-202305-08",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-08"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-02T21:14:31.882463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-347",
                    "description": "CWE-347 Improper Verification of Cryptographic Signature",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:06:45.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
            },
            {
              "name": "FEDORA-2022-076544c8aa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
            },
            {
              "name": "FEDORA-2022-7a963a79d1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
            },
            {
              "name": "FEDORA-2022-b0c2f2ab74",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
            },
            {
              "name": "GLSA-202305-08",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202305-08"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42010",
        "datePublished": "2022-10-09T00:00:00.000Z",
        "dateReserved": "2022-10-03T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:06:45.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35512 (GCVE-0-2020-35512)

    Vulnerability from nvd – Published: 2021-02-15 16:08 – Updated: 2024-11-19 15:32
    VLAI
    Summary
    A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use-After-Free
    Assigner
    Impacted products
    Vendor Product Version
    n/a D-Bus Development branch Affected: <= 1.13.16 (Fixed: >= 1.13.18)
    n/a dbus-1.12.x stable branch Affected: <= 1.12.18 (Fixed: >= 1.12.20)
    n/a dbus-1.10.x and older branches (EOL) Affected: <= 1.10.30 (Fixed: 1.10.32)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:08.036Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/755392"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-35512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T15:31:25.634957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T15:32:44.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "D-Bus Development branch",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
                }
              ]
            },
            {
              "product": "dbus-1.12.x stable branch",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
                }
              ]
            },
            {
              "product": "dbus-1.10.x and older branches (EOL)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 1.10.30 (Fixed: 1.10.32)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-After-Free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-08T20:46:11.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.gentoo.org/755392"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-35512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "D-Bus Development branch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "dbus-1.12.x stable branch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "dbus-1.10.x and older branches (EOL)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 1.10.30 (Fixed: 1.10.32)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use-After-Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.gentoo.org/755392",
                  "refsource": "MISC",
                  "url": "https://bugs.gentoo.org/755392"
                },
                {
                  "name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128",
                  "refsource": "MISC",
                  "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2020-35512",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-35512",
        "datePublished": "2021-02-15T16:08:39.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-11-19T15:32:44.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12049 (GCVE-0-2020-12049)

    Vulnerability from nvd – Published: 2020-06-08 00:00 – Updated: 2024-08-04 11:48
    VLAI
    Summary
    An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.950Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
              },
              {
                "name": "USN-4398-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4398-1/"
              },
              {
                "name": "USN-4398-2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4398-2/"
              },
              {
                "name": "GLSA-202007-46",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-46"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in dbus \u003e= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service\u0027s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
            },
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
            },
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
            },
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
            },
            {
              "name": "USN-4398-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4398-1/"
            },
            {
              "name": "USN-4398-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4398-2/"
            },
            {
              "name": "GLSA-202007-46",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202007-46"
            },
            {
              "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
            },
            {
              "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12049",
        "datePublished": "2020-06-08T00:00:00.000Z",
        "dateReserved": "2020-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:48:57.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12749 (GCVE-0-2019-12749)

    Vulnerability from nvd – Published: 2019-06-11 16:11 – Updated: 2026-02-13 19:57
    VLAI
    Summary
    dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    URL Tags
    https://www.openwall.com/lists/oss-security/2019/… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2019/06/11/2 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4015-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4015-2/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2019/dsa-4462 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2019/Jun/16 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/108751 vdb-entryx_refsource_BID
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:1726 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201909-08 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2019:2868 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2870 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3707 vendor-advisoryx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2024120…
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-06T13:09:22.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
              },
              {
                "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
              },
              {
                "name": "USN-4015-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4015-1/"
              },
              {
                "name": "USN-4015-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4015-2/"
              },
              {
                "name": "DSA-4462",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4462"
              },
              {
                "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/16"
              },
              {
                "name": "108751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108751"
              },
              {
                "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
              },
              {
                "name": "FEDORA-2019-d5ded5326b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
              },
              {
                "name": "openSUSE-SU-2019:1604",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
              },
              {
                "name": "openSUSE-SU-2019:1671",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
              },
              {
                "name": "RHSA-2019:1726",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1726"
              },
              {
                "name": "openSUSE-SU-2019:1750",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
              },
              {
                "name": "GLSA-201909-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201909-08"
              },
              {
                "name": "RHSA-2019:2868",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2868"
              },
              {
                "name": "RHSA-2019:2870",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2870"
              },
              {
                "name": "RHSA-2019:3707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3707"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241206-0010/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12749",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T19:57:51.850522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T19:57:55.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T00:07:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
            },
            {
              "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
            },
            {
              "name": "USN-4015-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4015-1/"
            },
            {
              "name": "USN-4015-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4015-2/"
            },
            {
              "name": "DSA-4462",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4462"
            },
            {
              "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/16"
            },
            {
              "name": "108751",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108751"
            },
            {
              "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
            },
            {
              "name": "FEDORA-2019-d5ded5326b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
            },
            {
              "name": "openSUSE-SU-2019:1604",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1671",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
            },
            {
              "name": "RHSA-2019:1726",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1726"
            },
            {
              "name": "openSUSE-SU-2019:1750",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
            },
            {
              "name": "GLSA-201909-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201909-08"
            },
            {
              "name": "RHSA-2019:2868",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2868"
            },
            {
              "name": "RHSA-2019:2870",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2870"
            },
            {
              "name": "RHSA-2019:3707",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3707"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2019/06/11/2",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
                },
                {
                  "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
                },
                {
                  "name": "USN-4015-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4015-1/"
                },
                {
                  "name": "USN-4015-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4015-2/"
                },
                {
                  "name": "DSA-4462",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4462"
                },
                {
                  "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/16"
                },
                {
                  "name": "108751",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108751"
                },
                {
                  "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
                },
                {
                  "name": "FEDORA-2019-d5ded5326b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
                },
                {
                  "name": "openSUSE-SU-2019:1604",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
                },
                {
                  "name": "openSUSE-SU-2019:1671",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
                },
                {
                  "name": "RHSA-2019:1726",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:1726"
                },
                {
                  "name": "openSUSE-SU-2019:1750",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
                },
                {
                  "name": "GLSA-201909-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201909-08"
                },
                {
                  "name": "RHSA-2019:2868",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2868"
                },
                {
                  "name": "RHSA-2019:2870",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2870"
                },
                {
                  "name": "RHSA-2019:3707",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3707"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12749",
        "datePublished": "2019-06-11T16:11:45.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2026-02-13T19:57:55.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-0245 (GCVE-0-2015-0245)

    Vulnerability from nvd – Published: 2015-02-13 15:00 – Updated: 2024-08-06 04:03
    VLAI
    Summary
    D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:03:10.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "openSUSE-SU-2015:0300",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
              },
              {
                "name": "DSA-3161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3161"
              },
              {
                "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-16T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "openSUSE-SU-2015:0300",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
            },
            {
              "name": "DSA-3161",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3161"
            },
            {
              "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-0245",
        "datePublished": "2015-02-13T15:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:03:10.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7824 (GCVE-0-2014-7824)

    Vulnerability from nvd – Published: 2014-11-18 15:00 – Updated: 2024-08-06 13:03
    VLAI
    Summary
    D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2014/11/10/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/62603 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0457.html x_refsource_CONFIRM
    https://bugs.freedesktop.org/show_bug.cgi?id=85105 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/71012 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2425-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2014/dsa-3099 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:03:27.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
              },
              {
                "name": "62603",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62603"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
              },
              {
                "name": "dbus-cve20147824-dos(98576)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
              },
              {
                "name": "71012",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71012"
              },
              {
                "name": "USN-2425-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2425-1"
              },
              {
                "name": "DSA-3099",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3099"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
            },
            {
              "name": "62603",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62603"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
            },
            {
              "name": "dbus-cve20147824-dos(98576)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
            },
            {
              "name": "71012",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71012"
            },
            {
              "name": "USN-2425-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2425-1"
            },
            {
              "name": "DSA-3099",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3099"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-7824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
                },
                {
                  "name": "62603",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62603"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0457.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
                },
                {
                  "name": "dbus-cve20147824-dos(98576)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
                },
                {
                  "name": "71012",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71012"
                },
                {
                  "name": "USN-2425-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2425-1"
                },
                {
                  "name": "DSA-3099",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3099"
                },
                {
                  "name": "MDVSA-2015:176",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-7824",
        "datePublished": "2014-11-18T15:00:00.000Z",
        "dateReserved": "2014-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:03:27.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3636 (GCVE-0-2014-3636)

    Vulnerability from nvd – Published: 2014-10-25 20:00 – Updated: 2024-10-17 18:03
    VLAI
    Summary
    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    https://bugs.freedesktop.org/show_bug.cgi?id=82820 x_refsource_CONFIRM
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-3636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-26T17:04:09.265575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T18:03:39.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-05-14T16:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3636",
        "datePublished": "2014-10-25T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-10-17T18:03:39.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3639 (GCVE-0-2014-3639)

    Vulnerability from nvd – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    https://bugs.freedesktop.org/show_bug.cgi?id=80919 x_refsource_CONFIRM
    http://secunia.com/advisories/61431 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "SUSE-SU-2014:1146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
              },
              {
                "name": "61431",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61431"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-04T17:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "SUSE-SU-2014:1146",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
            },
            {
              "name": "61431",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61431"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3639",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:18.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3638 (GCVE-0-2014-3638)

    Vulnerability from nvd – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/61431 third-party-advisoryx_refsource_SECUNIA
    https://bugs.freedesktop.org/show_bug.cgi?id=81053 x_refsource_CONFIRM
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "SUSE-SU-2014:1146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "name": "61431",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61431"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-04T17:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "SUSE-SU-2014:1146",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "name": "61431",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61431"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3638",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3637 (GCVE-0-2014-3637)

    Vulnerability from nvd – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    https://bugs.freedesktop.org/show_bug.cgi?id=80559 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.openwall.com/lists/oss-security/2019/0… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/0… mailing-listx_refsource_MLIST
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              },
              {
                "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
              },
              {
                "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-25T02:06:06.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            },
            {
              "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
            },
            {
              "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3637",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:18.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3635 (GCVE-0-2014-3635)

    Vulnerability from nvd – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    https://bugs.freedesktop.org/show_bug.cgi?id=83622 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-16T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3635",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:18.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3533 (GCVE-0-2014-3533)

    Vulnerability from nvd – Published: 2014-07-19 19:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/59798 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59611 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/60236 third-party-advisoryx_refsource_SECUNIA
    https://bugs.freedesktop.org/show_bug.cgi?id=80469 x_refsource_CONFIRM
    http://advisories.mageia.org/MGASA-2014-0294.html x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2971 vendor-advisoryx_refsource_DEBIAN
    https://bugs.freedesktop.org/show_bug.cgi?id=79694 x_refsource_CONFIRM
    http://openwall.com/lists/oss-security/2014/07/02/4 mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:16.803Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59798",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59798"
              },
              {
                "name": "59611",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59611"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "60236",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60236"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "DSA-2971",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2971"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
              },
              {
                "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-12T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "59798",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59798"
            },
            {
              "name": "59611",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59611"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "60236",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60236"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "DSA-2971",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2971"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
            },
            {
              "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59798",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59798"
                },
                {
                  "name": "59611",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59611"
                },
                {
                  "name": "openSUSE-SU-2014:1239",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
                },
                {
                  "name": "60236",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60236"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0294.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "DSA-2971",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2971"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
                },
                {
                  "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
                },
                {
                  "name": "MDVSA-2015:176",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3533",
        "datePublished": "2014-07-19T19:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:16.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3532 (GCVE-0-2014-3532)

    Vulnerability from nvd – Published: 2014-07-19 19:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/59798 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59611 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/60236 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0294.html x_refsource_CONFIRM
    https://bugs.freedesktop.org/show_bug.cgi?id=80163 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2971 vendor-advisoryx_refsource_DEBIAN
    http://openwall.com/lists/oss-security/2014/07/02/4 mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:16.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59798",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59798"
              },
              {
                "name": "59611",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59611"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "60236",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60236"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "DSA-2971",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2971"
              },
              {
                "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-12T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "59798",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59798"
            },
            {
              "name": "59611",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59611"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "60236",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60236"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "DSA-2971",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2971"
            },
            {
              "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59798",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59798"
                },
                {
                  "name": "59611",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59611"
                },
                {
                  "name": "openSUSE-SU-2014:1239",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
                },
                {
                  "name": "60236",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60236"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0294.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0294.html"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=80163",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80163"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "DSA-2971",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2971"
                },
                {
                  "name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/07/02/4"
                },
                {
                  "name": "MDVSA-2015:176",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3532",
        "datePublished": "2014-07-19T19:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:16.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34969 (GCVE-0-2023-34969)

    Vulnerability from cvelistv5 – Published: 2023-06-08 00:00 – Updated: 2025-06-09 15:02
    VLAI
    Summary
    D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-404 - Improper Resource Shutdown or Release
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:17:04.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
              },
              {
                "name": "FEDORA-2023-d22162d9ba",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
              },
              {
                "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-11T19:00:29.894117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-404",
                    "description": "CWE-404 Improper Resource Shutdown or Release",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:02:51.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T19:06:18.886Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/457"
            },
            {
              "name": "FEDORA-2023-d22162d9ba",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/"
            },
            {
              "name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3628-1] dbus security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231208-0007/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-34969",
        "datePublished": "2023-06-08T00:00:00.000Z",
        "dateReserved": "2023-06-08T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:02:51.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42011 (GCVE-0-2022-42011)

    Vulnerability from cvelistv5 – Published: 2022-10-09 00:00 – Updated: 2025-06-09 15:05
    VLAI
    Summary
    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
              },
              {
                "name": "FEDORA-2022-076544c8aa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
              },
              {
                "name": "FEDORA-2022-7a963a79d1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
              },
              {
                "name": "FEDORA-2022-b0c2f2ab74",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
              },
              {
                "name": "GLSA-202305-08",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-08"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-24T17:41:31.784494Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-129",
                    "description": "CWE-129 Improper Validation of Array Index",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:05:41.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
            },
            {
              "name": "FEDORA-2022-076544c8aa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
            },
            {
              "name": "FEDORA-2022-7a963a79d1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
            },
            {
              "name": "FEDORA-2022-b0c2f2ab74",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
            },
            {
              "name": "GLSA-202305-08",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202305-08"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42011",
        "datePublished": "2022-10-09T00:00:00.000Z",
        "dateReserved": "2022-10-03T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:05:41.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42012 (GCVE-0-2022-42012)

    Vulnerability from cvelistv5 – Published: 2022-10-09 00:00 – Updated: 2025-06-09 15:04
    VLAI
    Summary
    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.232Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
              },
              {
                "name": "FEDORA-2022-076544c8aa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
              },
              {
                "name": "FEDORA-2022-7a963a79d1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
              },
              {
                "name": "FEDORA-2022-b0c2f2ab74",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
              },
              {
                "name": "GLSA-202305-08",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-08"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42012",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-22T22:37:41.497410Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:04:43.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
            },
            {
              "name": "FEDORA-2022-076544c8aa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
            },
            {
              "name": "FEDORA-2022-7a963a79d1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
            },
            {
              "name": "FEDORA-2022-b0c2f2ab74",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
            },
            {
              "name": "GLSA-202305-08",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202305-08"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42012",
        "datePublished": "2022-10-09T00:00:00.000Z",
        "dateReserved": "2022-10-03T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:04:43.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42010 (GCVE-0-2022-42010)

    Vulnerability from cvelistv5 – Published: 2022-10-09 00:00 – Updated: 2025-06-09 15:06
    VLAI
    Summary
    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
              },
              {
                "name": "FEDORA-2022-076544c8aa",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
              },
              {
                "name": "FEDORA-2022-7a963a79d1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
              },
              {
                "name": "FEDORA-2022-b0c2f2ab74",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
              },
              {
                "name": "GLSA-202305-08",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-08"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-02T21:14:31.882463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-347",
                    "description": "CWE-347 Improper Verification of Cryptographic Signature",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-09T15:06:45.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1"
            },
            {
              "name": "FEDORA-2022-076544c8aa",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"
            },
            {
              "name": "FEDORA-2022-7a963a79d1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"
            },
            {
              "name": "FEDORA-2022-b0c2f2ab74",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"
            },
            {
              "name": "GLSA-202305-08",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202305-08"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-42010",
        "datePublished": "2022-10-09T00:00:00.000Z",
        "dateReserved": "2022-10-03T00:00:00.000Z",
        "dateUpdated": "2025-06-09T15:06:45.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35512 (GCVE-0-2020-35512)

    Vulnerability from cvelistv5 – Published: 2021-02-15 16:08 – Updated: 2024-11-19 15:32
    VLAI
    Summary
    A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use-After-Free
    Assigner
    Impacted products
    Vendor Product Version
    n/a D-Bus Development branch Affected: <= 1.13.16 (Fixed: >= 1.13.18)
    n/a dbus-1.12.x stable branch Affected: <= 1.12.18 (Fixed: >= 1.12.20)
    n/a dbus-1.10.x and older branches (EOL) Affected: <= 1.10.30 (Fixed: 1.10.32)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:02:08.036Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/755392"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-35512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T15:31:25.634957Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T15:32:44.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "D-Bus Development branch",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
                }
              ]
            },
            {
              "product": "dbus-1.12.x stable branch",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
                }
              ]
            },
            {
              "product": "dbus-1.10.x and older branches (EOL)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 1.10.30 (Fixed: 1.10.32)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-After-Free",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-08T20:46:11.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.gentoo.org/755392"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-35512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "D-Bus Development branch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "dbus-1.12.x stable branch",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "dbus-1.10.x and older branches (EOL)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= 1.10.30 (Fixed: 1.10.32)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use-After-Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.gentoo.org/755392",
                  "refsource": "MISC",
                  "url": "https://bugs.gentoo.org/755392"
                },
                {
                  "name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128",
                  "refsource": "MISC",
                  "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2020-35512",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-35512",
        "datePublished": "2021-02-15T16:08:39.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-11-19T15:32:44.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12049 (GCVE-0-2020-12049)

    Vulnerability from cvelistv5 – Published: 2020-06-08 00:00 – Updated: 2024-08-04 11:48
    VLAI
    Summary
    An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.950Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
              },
              {
                "name": "USN-4398-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4398-1/"
              },
              {
                "name": "USN-4398-2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4398-2/"
              },
              {
                "name": "GLSA-202007-46",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-46"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in dbus \u003e= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service\u0027s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-12T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/294"
            },
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2020/06/04/3"
            },
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18"
            },
            {
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30"
            },
            {
              "name": "USN-4398-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4398-1/"
            },
            {
              "name": "USN-4398-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/4398-2/"
            },
            {
              "name": "GLSA-202007-46",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202007-46"
            },
            {
              "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
            },
            {
              "url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12049",
        "datePublished": "2020-06-08T00:00:00.000Z",
        "dateReserved": "2020-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:48:57.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12749 (GCVE-0-2019-12749)

    Vulnerability from cvelistv5 – Published: 2019-06-11 16:11 – Updated: 2026-02-13 19:57
    VLAI
    Summary
    dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    URL Tags
    https://www.openwall.com/lists/oss-security/2019/… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2019/06/11/2 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4015-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4015-2/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2019/dsa-4462 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2019/Jun/16 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/108751 vdb-entryx_refsource_BID
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:1726 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201909-08 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2019:2868 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2870 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3707 vendor-advisoryx_refsource_REDHAT
    https://security.netapp.com/advisory/ntap-2024120…
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-06T13:09:22.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
              },
              {
                "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
              },
              {
                "name": "USN-4015-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4015-1/"
              },
              {
                "name": "USN-4015-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4015-2/"
              },
              {
                "name": "DSA-4462",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4462"
              },
              {
                "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/16"
              },
              {
                "name": "108751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108751"
              },
              {
                "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
              },
              {
                "name": "FEDORA-2019-d5ded5326b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
              },
              {
                "name": "openSUSE-SU-2019:1604",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
              },
              {
                "name": "openSUSE-SU-2019:1671",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
              },
              {
                "name": "RHSA-2019:1726",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1726"
              },
              {
                "name": "openSUSE-SU-2019:1750",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
              },
              {
                "name": "GLSA-201909-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201909-08"
              },
              {
                "name": "RHSA-2019:2868",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2868"
              },
              {
                "name": "RHSA-2019:2870",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2870"
              },
              {
                "name": "RHSA-2019:3707",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3707"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20241206-0010/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-12749",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T19:57:51.850522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T19:57:55.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T00:07:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
            },
            {
              "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
            },
            {
              "name": "USN-4015-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4015-1/"
            },
            {
              "name": "USN-4015-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4015-2/"
            },
            {
              "name": "DSA-4462",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4462"
            },
            {
              "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/16"
            },
            {
              "name": "108751",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108751"
            },
            {
              "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
            },
            {
              "name": "FEDORA-2019-d5ded5326b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
            },
            {
              "name": "openSUSE-SU-2019:1604",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1671",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
            },
            {
              "name": "RHSA-2019:1726",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1726"
            },
            {
              "name": "openSUSE-SU-2019:1750",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
            },
            {
              "name": "GLSA-201909-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201909-08"
            },
            {
              "name": "RHSA-2019:2868",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2868"
            },
            {
              "name": "RHSA-2019:2870",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2870"
            },
            {
              "name": "RHSA-2019:3707",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3707"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-12749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2019/06/11/2",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2019/06/11/2"
                },
                {
                  "name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
                },
                {
                  "name": "USN-4015-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4015-1/"
                },
                {
                  "name": "USN-4015-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4015-2/"
                },
                {
                  "name": "DSA-4462",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4462"
                },
                {
                  "name": "20190613 [SECURITY] [DSA 4462-1] dbus security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/16"
                },
                {
                  "name": "108751",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108751"
                },
                {
                  "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"
                },
                {
                  "name": "FEDORA-2019-d5ded5326b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"
                },
                {
                  "name": "openSUSE-SU-2019:1604",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"
                },
                {
                  "name": "openSUSE-SU-2019:1671",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
                },
                {
                  "name": "RHSA-2019:1726",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:1726"
                },
                {
                  "name": "openSUSE-SU-2019:1750",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"
                },
                {
                  "name": "GLSA-201909-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201909-08"
                },
                {
                  "name": "RHSA-2019:2868",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2868"
                },
                {
                  "name": "RHSA-2019:2870",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2870"
                },
                {
                  "name": "RHSA-2019:3707",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3707"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-12749",
        "datePublished": "2019-06-11T16:11:45.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2026-02-13T19:57:55.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-0245 (GCVE-0-2015-0245)

    Vulnerability from cvelistv5 – Published: 2015-02-13 15:00 – Updated: 2024-08-06 04:03
    VLAI
    Summary
    D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:03:10.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "openSUSE-SU-2015:0300",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
              },
              {
                "name": "DSA-3161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3161"
              },
              {
                "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-16T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "openSUSE-SU-2015:0300",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
            },
            {
              "name": "DSA-3161",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3161"
            },
            {
              "name": "[oss-security] 20150209 CVE-2015-0245: denial of service in dbus \u003e= 1.4 systemd activation",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/02/09/6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2015-0071.html"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-0245",
        "datePublished": "2015-02-13T15:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:03:10.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7824 (GCVE-0-2014-7824)

    Vulnerability from cvelistv5 – Published: 2014-11-18 15:00 – Updated: 2024-08-06 13:03
    VLAI
    Summary
    D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2014/11/10/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/62603 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0457.html x_refsource_CONFIRM
    https://bugs.freedesktop.org/show_bug.cgi?id=85105 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/71012 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2425-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2014/dsa-3099 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:03:27.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
              },
              {
                "name": "62603",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62603"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
              },
              {
                "name": "dbus-cve20147824-dos(98576)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
              },
              {
                "name": "71012",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/71012"
              },
              {
                "name": "USN-2425-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2425-1"
              },
              {
                "name": "DSA-3099",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3099"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
            },
            {
              "name": "62603",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62603"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
            },
            {
              "name": "dbus-cve20147824-dos(98576)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
            },
            {
              "name": "71012",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/71012"
            },
            {
              "name": "USN-2425-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2425-1"
            },
            {
              "name": "DSA-3099",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3099"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-7824",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20141110 CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/11/10/2"
                },
                {
                  "name": "62603",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62603"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0457.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0457.html"
                },
                {
                  "name": "https://bugs.freedesktop.org/show_bug.cgi?id=85105",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.freedesktop.org/show_bug.cgi?id=85105"
                },
                {
                  "name": "dbus-cve20147824-dos(98576)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98576"
                },
                {
                  "name": "71012",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/71012"
                },
                {
                  "name": "USN-2425-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2425-1"
                },
                {
                  "name": "DSA-3099",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3099"
                },
                {
                  "name": "MDVSA-2015:176",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-7824",
        "datePublished": "2014-11-18T15:00:00.000Z",
        "dateReserved": "2014-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:03:27.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3636 (GCVE-0-2014-3636)

    Vulnerability from cvelistv5 – Published: 2014-10-25 20:00 – Updated: 2024-10-17 18:03
    VLAI
    Summary
    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    https://bugs.freedesktop.org/show_bug.cgi?id=82820 x_refsource_CONFIRM
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-3636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-26T17:04:09.265575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T18:03:39.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-05-14T16:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3636",
        "datePublished": "2014-10-25T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-10-17T18:03:39.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3635 (GCVE-0-2014-3635)

    Vulnerability from cvelistv5 – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    https://bugs.freedesktop.org/show_bug.cgi?id=83622 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-16T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=83622"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3635",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:18.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3639 (GCVE-0-2014-3639)

    Vulnerability from cvelistv5 – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    https://bugs.freedesktop.org/show_bug.cgi?id=80919 x_refsource_CONFIRM
    http://secunia.com/advisories/61431 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "SUSE-SU-2014:1146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
              },
              {
                "name": "61431",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61431"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-04T17:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "SUSE-SU-2014:1146",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80919"
            },
            {
              "name": "61431",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61431"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3639",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:18.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3637 (GCVE-0-2014-3637)

    Vulnerability from cvelistv5 – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    https://bugs.freedesktop.org/show_bug.cgi?id=80559 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.openwall.com/lists/oss-security/2019/0… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/0… mailing-listx_refsource_MLIST
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:18.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              },
              {
                "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
              },
              {
                "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-25T02:06:06.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=80559"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            },
            {
              "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/24/13"
            },
            {
              "name": "[oss-security] 20190624 Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/24/14"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3637",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:18.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3638 (GCVE-0-2014-3638)

    Vulnerability from cvelistv5 – Published: 2014-09-22 15:00 – Updated: 2024-08-06 10:50
    VLAI
    Summary
    The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-2352-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/61378 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/09/16/9 mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1030864 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/61431 third-party-advisoryx_refsource_SECUNIA
    https://bugs.freedesktop.org/show_bug.cgi?id=81053 x_refsource_CONFIRM
    http://advisories.mageia.org/MGASA-2014-0395.html x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-3026 vendor-advisoryx_refsource_DEBIAN
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2014-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:50:17.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2352-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2352-1"
              },
              {
                "name": "openSUSE-SU-2014:1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
              },
              {
                "name": "SUSE-SU-2014:1146",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
              },
              {
                "name": "61378",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61378"
              },
              {
                "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
              },
              {
                "name": "1030864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030864"
              },
              {
                "name": "61431",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61431"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
              },
              {
                "name": "DSA-3026",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3026"
              },
              {
                "name": "MDVSA-2015:176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-04T17:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-2352-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2352-1"
            },
            {
              "name": "openSUSE-SU-2014:1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
            },
            {
              "name": "SUSE-SU-2014:1146",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html"
            },
            {
              "name": "61378",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61378"
            },
            {
              "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus \u003c 1.8.8",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
            },
            {
              "name": "1030864",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030864"
            },
            {
              "name": "61431",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61431"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
            },
            {
              "name": "DSA-3026",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3026"
            },
            {
              "name": "MDVSA-2015:176",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3638",
        "datePublished": "2014-09-22T15:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:50:17.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }