CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
d-bus_projectd-bus
𝑥
≤ 1.6.22
freedesktopdbus
1.8.0
freedesktopdbus
1.8.2
freedesktopdbus
1.8.4
freedesktopdbus
1.8.6
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dbus
bullseye
1.12.28-0+deb11u1
fixed
squeeze
not-affected
bullseye (security)
1.12.24-0+deb11u1
fixed
bookworm
1.14.10-1~deb12u1
fixed
sid
1.14.10-6
fixed
trixie
1.14.10-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dbus
trusty
Fixed 1.6.18-0ubuntu4.2
released
precise
Fixed 1.4.18-1ubuntu1.6
released
lucid
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0395.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://secunia.com/advisories/61378
http://www.debian.org/security/2014/dsa-3026
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.openwall.com/lists/oss-security/2014/09/16/9
http://www.securitytracker.com/id/1030864
http://www.ubuntu.com/usn/USN-2352-1
https://bugs.freedesktop.org/show_bug.cgi?id=82820
http://advisories.mageia.org/MGASA-2014-0395.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://secunia.com/advisories/61378
http://www.debian.org/security/2014/dsa-3026
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.openwall.com/lists/oss-security/2014/09/16/9
http://www.securitytracker.com/id/1030864
http://www.ubuntu.com/usn/USN-2352-1
https://bugs.freedesktop.org/show_bug.cgi?id=82820