1.9

CVE-2013-2168

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopDbus Version1.4.0
FreedesktopDbus Version1.4.1
FreedesktopDbus Version1.4.4
FreedesktopDbus Version1.4.6
FreedesktopDbus Version1.4.8
FreedesktopDbus Version1.4.10
FreedesktopDbus Version1.4.12
FreedesktopDbus Version1.4.14
FreedesktopDbus Version1.4.16
FreedesktopDbus Version1.4.18
FreedesktopDbus Version1.4.20
FreedesktopDbus Version1.4.24
FreedesktopDbus Version1.7.0
FreedesktopDbus Version1.7.2
FreedesktopDbus Version1.6.0
FreedesktopDbus Version1.6.2
FreedesktopDbus Version1.6.4
FreedesktopDbus Version1.6.6
FreedesktopDbus Version1.6.8
FreedesktopDbus Version1.6.10
FreedesktopDbus Version1.6.16
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.299
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
http://lists.freedesktop.org/archives/dbus/2013-June/015696.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://secunia.com/advisories/53317
Vendor Advisory
http://secunia.com/advisories/53832
Vendor Advisory
http://www.debian.org/security/2013/dsa-2707
http://www.mandriva.com/security/advisories?name=MDVSA-2013:177
http://www.openwall.com/lists/oss-security/2013/06/13/2
http://www.securityfocus.com/bid/60546
http://www.securitytracker.com/id/1028667
http://www.ubuntu.com/usn/USN-1874-1
https://bugzilla.redhat.com/show_bug.cgi?id=974109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881