CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
freedesktopdbus
1.3.0 ≤
𝑥
< 1.6.22
freedesktopdbus
1.8.0 ≤
𝑥
< 1.8.6
opensuseopensuse
12.3
debiandebian_linux
7.0
mageiamageia
3.0
mageiamageia
4.0
oraclesolaris
11.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dbus
bullseye
1.12.28-0+deb11u1
fixed
squeeze
not-affected
bullseye (security)
1.12.24-0+deb11u1
fixed
bookworm
1.14.10-1~deb12u1
fixed
sid
1.14.10-6
fixed
trixie
1.14.10-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dbus
trusty
Fixed 1.6.18-0ubuntu4.1
released
saucy
Fixed 1.6.12-0ubuntu10.1
released
precise
Fixed 1.4.18-1ubuntu1.5
released
lucid
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0294.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://openwall.com/lists/oss-security/2014/07/02/4
http://secunia.com/advisories/59611
http://secunia.com/advisories/59798
http://secunia.com/advisories/60236
http://www.debian.org/security/2014/dsa-2971
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://bugs.freedesktop.org/show_bug.cgi?id=80163
http://advisories.mageia.org/MGASA-2014-0294.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://openwall.com/lists/oss-security/2014/07/02/4
http://secunia.com/advisories/59611
http://secunia.com/advisories/59798
http://secunia.com/advisories/60236
http://www.debian.org/security/2014/dsa-2971
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://bugs.freedesktop.org/show_bug.cgi?id=80163