CVE-2010-4352

Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
d-bus_projectd-bus
𝑥
≤ 1.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dbus
bookworm
1.14.10-1~deb12u1
fixed
bullseye
1.12.28-0+deb11u1
fixed
bullseye (security)
1.12.24-0+deb11u1
fixed
sid
1.14.10-6
fixed
trixie
1.14.10-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dbus
dapper
ignored
hardy
Fixed 1.1.20-1ubuntu3.4
released
karmic
Fixed 1.2.16-0ubuntu9.1
released
lucid
Fixed 1.2.16-2ubuntu4.1
released
maverick
Fixed 1.4.0-0ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dbus-1
suse enterprise sap 12 SP5
1.8.22-9.38
fixed
suse enterprise server 12 SP5
1.8.22-9.38
fixed
dbus-1-x11
suse enterprise sap 12 SP5
1.8.22-9.38
fixed
suse enterprise server 12 SP5
1.8.22-9.38
fixed
libdbus-1-3
suse enterprise sap 12 SP5
1.8.22-9.28
fixed
suse enterprise server 12 SP5
1.8.22-9.28
fixed
libdbus-1-3-32bit
suse enterprise sap 12 SP5
1.8.22-9.28
fixed
suse enterprise server 12 SP5
1.8.22-9.28
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
dbus
RHEL 6
1:1.2.24-4.el6_0
fixed
dbus-devel
RHEL 6
1:1.2.24-4.el6_0
fixed
dbus-doc
RHEL 6
1:1.2.24-4.el6_0
fixed
dbus-libs
RHEL 6
1:1.2.24-4.el6_0
fixed
dbus-x11
RHEL 6
1:1.2.24-4.el6_0
fixed
Common Weakness Enumeration
References
http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
http://openwall.com/lists/oss-security/2010/12/16/3
http://openwall.com/lists/oss-security/2010/12/16/6
http://openwall.com/lists/oss-security/2010/12/21/3
http://secunia.com/advisories/42580
http://secunia.com/advisories/42760
http://secunia.com/advisories/42911
http://secunia.com/advisories/42960
http://www.debian.org/security/2011/dsa-2149
http://www.remlab.net/op/dbus-variant-recursion.shtml
http://www.securityfocus.com/bid/45377
http://www.ubuntu.com/usn/USN-1044-1
http://www.vupen.com/english/advisories/2010/3325
http://www.vupen.com/english/advisories/2011/0161
http://www.vupen.com/english/advisories/2011/0178
http://www.vupen.com/english/advisories/2011/0464
https://bugs.freedesktop.org/show_bug.cgi?id=32321
https://bugzilla.redhat.com/show_bug.cgi?id=663673
http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
http://openwall.com/lists/oss-security/2010/12/16/3
http://openwall.com/lists/oss-security/2010/12/16/6
http://openwall.com/lists/oss-security/2010/12/21/3
http://secunia.com/advisories/42580
http://secunia.com/advisories/42760
http://secunia.com/advisories/42911
http://secunia.com/advisories/42960
http://www.debian.org/security/2011/dsa-2149
http://www.remlab.net/op/dbus-variant-recursion.shtml
http://www.securityfocus.com/bid/45377
http://www.ubuntu.com/usn/USN-1044-1
http://www.vupen.com/english/advisories/2010/3325
http://www.vupen.com/english/advisories/2011/0161
http://www.vupen.com/english/advisories/2011/0178
http://www.vupen.com/english/advisories/2011/0464
https://bugs.freedesktop.org/show_bug.cgi?id=32321
https://bugzilla.redhat.com/show_bug.cgi?id=663673