2.1

CVE-2008-3834

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopDbus Version <= 1.1.4
FreedesktopDbus Version0.1
FreedesktopDbus Version0.2
FreedesktopDbus Version0.3
FreedesktopDbus Version0.4
FreedesktopDbus Version0.5
FreedesktopDbus Version0.6
FreedesktopDbus Version0.7
FreedesktopDbus Version0.8
FreedesktopDbus Version0.9
FreedesktopDbus Version0.10
FreedesktopDbus Version0.11
FreedesktopDbus Version0.12
FreedesktopDbus Version0.13
FreedesktopDbus Version0.20
FreedesktopDbus Version0.21
FreedesktopDbus Version0.22
FreedesktopDbus Version0.23
FreedesktopDbus Version0.23.1
FreedesktopDbus Version0.23.2
FreedesktopDbus Version0.23.3
FreedesktopDbus Version0.31
FreedesktopDbus Version0.32
FreedesktopDbus Version0.33
FreedesktopDbus Version0.34
FreedesktopDbus Version0.35
FreedesktopDbus Version0.35.1
FreedesktopDbus Version0.35.2
FreedesktopDbus Version0.36
FreedesktopDbus Version0.36.1
FreedesktopDbus Version0.36.2
FreedesktopDbus Version0.50
FreedesktopDbus Version0.61
FreedesktopDbus Version0.62
FreedesktopDbus Version0.90
FreedesktopDbus Version0.91
FreedesktopDbus Version0.92
FreedesktopDbus Version1.0.2
FreedesktopDbus Version1.1.1
FreedesktopDbus Version1.1.2
FreedesktopDbus1.0 Versionrc1
FreedesktopDbus1.0 Versionrc2
FreedesktopDbus1.0 Versionrc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.62% 0.905
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
http://secunia.com/advisories/32281
http://www.ubuntu.com/usn/usn-653-1
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://secunia.com/advisories/32127
Vendor Advisory
http://secunia.com/advisories/32230
http://secunia.com/advisories/32385
http://secunia.com/advisories/33396
http://www.debian.org/security/2008/dsa-1658
http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
http://www.redhat.com/support/errata/RHSA-2009-0008.html
http://www.securityfocus.com/bid/31602
http://www.securitytracker.com/id?1021063
http://www.vupen.com/english/advisories/2008/2762
https://bugs.freedesktop.org/show_bug.cgi?id=17803
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
https://exchange.xforce.ibmcloud.com/vulnerabilities/45701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
https://www.exploit-db.com/exploits/7822
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html