CVE-2022-42010

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
freedesktopdbus
𝑥
< 1.12.24
freedesktopdbus
1.13.0 ≤
𝑥
< 1.14.4
freedesktopdbus
1.15.0 ≤
𝑥
< 1.15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dbus
bullseye
1.12.28-0+deb11u1
fixed
bullseye (security)
1.12.24-0+deb11u1
fixed
bookworm
1.14.10-1~deb12u1
fixed
sid
1.14.10-6
fixed
trixie
1.14.10-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dbus
lunar
Fixed 1.14.0-2ubuntu3
released
kinetic
Fixed 1.14.0-2ubuntu3
released
jammy
Fixed 1.12.20-2ubuntu4.1
released
focal
Fixed 1.12.16-2ubuntu2.3
released
bionic
Fixed 1.12.2-1ubuntu1.4
released
xenial
Fixed 1.10.6-1ubuntu3.6+esm2
released
trusty
Fixed 1.6.18-0ubuntu4.5+esm3
released
Common Weakness Enumeration
References
https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/
https://security.gentoo.org/glsa/202305-08
https://www.openwall.com/lists/oss-security/2022/10/06/1
https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/
https://security.gentoo.org/glsa/202305-08
https://www.openwall.com/lists/oss-security/2022/10/06/1