2.1
CVE-2008-3834
- EPSS 4.62%
- Veröffentlicht 07.10.2008 21:01:52
- Zuletzt bearbeitet 16.06.2026 22:56:37
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freedesktop ≫ Dbus Version <= 1.1.4
Freedesktop ≫ Dbus Version0.1
Freedesktop ≫ Dbus Version0.2
Freedesktop ≫ Dbus Version0.3
Freedesktop ≫ Dbus Version0.4
Freedesktop ≫ Dbus Version0.5
Freedesktop ≫ Dbus Version0.6
Freedesktop ≫ Dbus Version0.7
Freedesktop ≫ Dbus Version0.8
Freedesktop ≫ Dbus Version0.9
Freedesktop ≫ Dbus Version0.10
Freedesktop ≫ Dbus Version0.11
Freedesktop ≫ Dbus Version0.12
Freedesktop ≫ Dbus Version0.13
Freedesktop ≫ Dbus Version0.20
Freedesktop ≫ Dbus Version0.21
Freedesktop ≫ Dbus Version0.22
Freedesktop ≫ Dbus Version0.23
Freedesktop ≫ Dbus Version0.23.1
Freedesktop ≫ Dbus Version0.23.2
Freedesktop ≫ Dbus Version0.23.3
Freedesktop ≫ Dbus Version0.31
Freedesktop ≫ Dbus Version0.32
Freedesktop ≫ Dbus Version0.33
Freedesktop ≫ Dbus Version0.34
Freedesktop ≫ Dbus Version0.35
Freedesktop ≫ Dbus Version0.35.1
Freedesktop ≫ Dbus Version0.35.2
Freedesktop ≫ Dbus Version0.36
Freedesktop ≫ Dbus Version0.36.1
Freedesktop ≫ Dbus Version0.36.2
Freedesktop ≫ Dbus Version0.50
Freedesktop ≫ Dbus Version0.61
Freedesktop ≫ Dbus Version0.62
Freedesktop ≫ Dbus Version0.90
Freedesktop ≫ Dbus Version0.91
Freedesktop ≫ Dbus Version0.92
Freedesktop ≫ Dbus Version1.0.2
Freedesktop ≫ Dbus Version1.1.1
Freedesktop ≫ Dbus Version1.1.2
Freedesktop ≫ Dbus1.0 Versionrc1
Freedesktop ≫ Dbus1.0 Versionrc2
Freedesktop ≫ Dbus1.0 Versionrc3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.62% | 0.905 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
http://secunia.com/advisories/32281
http://www.ubuntu.com/usn/usn-653-1
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://secunia.com/advisories/32127
http://secunia.com/advisories/32230
http://secunia.com/advisories/32385
http://secunia.com/advisories/33396
http://www.debian.org/security/2008/dsa-1658
http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
http://www.redhat.com/support/errata/RHSA-2009-0008.html
http://www.securityfocus.com/bid/31602
http://www.securitytracker.com/id?1021063
http://www.vupen.com/english/advisories/2008/2762
https://bugs.freedesktop.org/show_bug.cgi?id=17803
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
https://exchange.xforce.ibmcloud.com/vulnerabilities/45701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
https://www.exploit-db.com/exploits/7822
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html