2.1

CVE-2008-3834

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

Data is provided by the National Vulnerability Database (NVD)
FreedesktopDbus Version <= 1.1.4
FreedesktopDbus Version0.1
FreedesktopDbus Version0.2
FreedesktopDbus Version0.3
FreedesktopDbus Version0.4
FreedesktopDbus Version0.5
FreedesktopDbus Version0.6
FreedesktopDbus Version0.7
FreedesktopDbus Version0.8
FreedesktopDbus Version0.9
FreedesktopDbus Version0.10
FreedesktopDbus Version0.11
FreedesktopDbus Version0.12
FreedesktopDbus Version0.13
FreedesktopDbus Version0.20
FreedesktopDbus Version0.21
FreedesktopDbus Version0.22
FreedesktopDbus Version0.23
FreedesktopDbus Version0.23.1
FreedesktopDbus Version0.23.2
FreedesktopDbus Version0.23.3
FreedesktopDbus Version0.31
FreedesktopDbus Version0.32
FreedesktopDbus Version0.33
FreedesktopDbus Version0.34
FreedesktopDbus Version0.35
FreedesktopDbus Version0.35.1
FreedesktopDbus Version0.35.2
FreedesktopDbus Version0.36
FreedesktopDbus Version0.36.1
FreedesktopDbus Version0.36.2
FreedesktopDbus Version0.50
FreedesktopDbus Version0.61
FreedesktopDbus Version0.62
FreedesktopDbus Version0.90
FreedesktopDbus Version0.91
FreedesktopDbus Version0.92
FreedesktopDbus Version1.0.2
FreedesktopDbus Version1.1.1
FreedesktopDbus Version1.1.2
FreedesktopDbus1.0 Versionrc1
FreedesktopDbus1.0 Versionrc2
FreedesktopDbus1.0 Versionrc3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.21% 0.782
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.