2.1

CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopDbus Version >= 1.3.0 < 1.6.22
   LinuxLinux Kernel Version >= 2.6.38
   LinuxLinux Kernel Version2.6.37 Update-
   LinuxLinux Kernel Version2.6.37 Updaterc4
   LinuxLinux Kernel Version2.6.37 Updaterc5
   LinuxLinux Kernel Version2.6.37 Updaterc6
   LinuxLinux Kernel Version2.6.37 Updaterc7
   LinuxLinux Kernel Version2.6.37 Updaterc8
FreedesktopDbus Version >= 1.8.0 < 1.8.6
   LinuxLinux Kernel Version >= 2.6.38
   LinuxLinux Kernel Version2.6.37 Update-
   LinuxLinux Kernel Version2.6.37 Updaterc4
   LinuxLinux Kernel Version2.6.37 Updaterc5
   LinuxLinux Kernel Version2.6.37 Updaterc6
   LinuxLinux Kernel Version2.6.37 Updaterc7
   LinuxLinux Kernel Version2.6.37 Updaterc8
OpensuseOpensuse Version12.3
DebianDebian Linux Version7.0
MageiaMageia Version3.0
MageiaMageia Version4.0
OracleSolaris Version11.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.321
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://openwall.com/lists/oss-security/2014/07/02/4
Third Party Advisory
Mailing List
https://bugs.freedesktop.org/show_bug.cgi?id=80163
Patch
Third Party Advisory
Issue Tracking