4.6
CVE-2011-2200
- EPSS 0.1%
- Veröffentlicht 22.06.2011 22:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freedesktop ≫ Dbus Version1.5.0
Freedesktop ≫ Dbus Version1.5.2
Freedesktop ≫ Dbus Version1.4.0
Freedesktop ≫ Dbus Version1.4.1
Freedesktop ≫ Dbus Version1.4.4
Freedesktop ≫ Dbus Version1.4.6
Freedesktop ≫ Dbus Version1.4.8
Freedesktop ≫ Dbus Version1.4.10
D-bus Project ≫ D-bus Version1.2.4.2
D-bus Project ≫ D-bus Version1.2.4.4
D-bus Project ≫ D-bus Version1.2.4.6
Freedesktop ≫ Dbus Version1.2.1
Freedesktop ≫ Dbus Version1.2.2
Freedesktop ≫ Dbus Version1.2.3
Freedesktop ≫ Dbus Version1.2.4
Freedesktop ≫ Dbus Version1.2.6
Freedesktop ≫ Dbus Version1.2.8
Freedesktop ≫ Dbus Version1.2.10
Freedesktop ≫ Dbus Version1.2.12
Freedesktop ≫ Dbus Version1.2.14
Freedesktop ≫ Dbus Version1.2.16
Freedesktop ≫ Dbus Version1.2.18
Freedesktop ≫ Dbus Version1.2.20
Freedesktop ≫ Dbus Version1.2.22
Freedesktop ≫ Dbus Version1.2.24
Freedesktop ≫ Dbus Version1.2.26
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.279 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.