CVE-2014-3637

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
freedesktopdbus
1.3.0
freedesktopdbus
1.3.1
freedesktopdbus
1.4.0
freedesktopdbus
1.4.1
freedesktopdbus
1.4.4
freedesktopdbus
1.4.6
freedesktopdbus
1.4.8
freedesktopdbus
1.4.10
freedesktopdbus
1.4.12
freedesktopdbus
1.4.14
freedesktopdbus
1.4.16
freedesktopdbus
1.4.18
freedesktopdbus
1.4.20
freedesktopdbus
1.4.22
freedesktopdbus
1.4.24
freedesktopdbus
1.4.26
freedesktopdbus
1.5.0
freedesktopdbus
1.5.2
freedesktopdbus
1.5.4
freedesktopdbus
1.5.6
freedesktopdbus
1.5.8
freedesktopdbus
1.5.10
freedesktopdbus
1.5.12
freedesktopdbus
1.6.0
freedesktopdbus
1.6.2
freedesktopdbus
1.6.4
freedesktopdbus
1.6.6
freedesktopdbus
1.6.8
freedesktopdbus
1.6.10
freedesktopdbus
1.6.12
freedesktopdbus
1.6.14
freedesktopdbus
1.6.16
freedesktopdbus
1.6.18
freedesktopdbus
1.6.20
freedesktopdbus
1.6.22
freedesktopdbus
1.8.0
freedesktopdbus
1.8.2
freedesktopdbus
1.8.4
freedesktopdbus
1.8.6
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dbus
bullseye
1.12.28-0+deb11u1
fixed
squeeze
not-affected
bullseye (security)
1.12.24-0+deb11u1
fixed
bookworm
1.14.10-1~deb12u1
fixed
sid
1.14.10-6
fixed
trixie
1.14.10-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dbus
trusty
Fixed 1.6.18-0ubuntu4.2
released
precise
Fixed 1.4.18-1ubuntu1.6
released
lucid
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0395.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://secunia.com/advisories/61378
http://www.debian.org/security/2014/dsa-3026
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.openwall.com/lists/oss-security/2014/09/16/9
http://www.openwall.com/lists/oss-security/2019/06/24/13
http://www.openwall.com/lists/oss-security/2019/06/24/14
http://www.securitytracker.com/id/1030864
http://www.ubuntu.com/usn/USN-2352-1
https://bugs.freedesktop.org/show_bug.cgi?id=80559
http://advisories.mageia.org/MGASA-2014-0395.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
http://secunia.com/advisories/61378
http://www.debian.org/security/2014/dsa-3026
http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
http://www.openwall.com/lists/oss-security/2014/09/16/9
http://www.openwall.com/lists/oss-security/2019/06/24/13
http://www.openwall.com/lists/oss-security/2019/06/24/14
http://www.securitytracker.com/id/1030864
http://www.ubuntu.com/usn/USN-2352-1
https://bugs.freedesktop.org/show_bug.cgi?id=80559