CVE-2022-42010

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
freedesktopdbus
𝑥
< 1.12.24
freedesktopdbus
1.13.0 ≤
𝑥
< 1.14.4
freedesktopdbus
1.15.0 ≤
𝑥
< 1.15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dbus
bookworm
1.14.10-1~deb12u1
fixed
bullseye
1.12.28-0+deb11u1
fixed
bullseye (security)
1.12.24-0+deb11u1
fixed
sid
1.14.10-6
fixed
trixie
1.14.10-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dbus
bionic
Fixed 1.12.2-1ubuntu1.4
released
focal
Fixed 1.12.16-2ubuntu2.3
released
jammy
Fixed 1.12.20-2ubuntu4.1
released
kinetic
Fixed 1.14.0-2ubuntu3
released
lunar
Fixed 1.14.0-2ubuntu3
released
trusty
Fixed 1.6.18-0ubuntu4.5+esm3
released
xenial
Fixed 1.10.6-1ubuntu3.6+esm2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dbus-1
suse enterprise desktop 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise desktop 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise sap 12 SP5
1.8.22-38.1
fixed
suse enterprise sap 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise server 12 SP3
1.8.22-29.24.1
fixed
suse enterprise server 12 SP4
1.8.22-29.24.1
fixed
suse enterprise server 12 SP5
1.8.22-38.1
fixed
suse enterprise server 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP7
1.12.2-150400.18.5.1
fixed
dbus-1-devel
suse enterprise desktop 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise desktop 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP7
1.12.2-150400.18.5.1
fixed
dbus-1-x11
suse enterprise desktop 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise desktop 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise sap 12 SP5
1.8.22-38.1
fixed
suse enterprise sap 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise server 12 SP3
1.8.22-29.24.1
fixed
suse enterprise server 12 SP4
1.8.22-29.24.1
fixed
suse enterprise server 12 SP5
1.8.22-38.1
fixed
suse enterprise server 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP7
1.12.2-150400.18.5.1
fixed
libdbus-1-3
suse enterprise desktop 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise desktop 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise sap 12 SP5
1.8.22-38.1
fixed
suse enterprise sap 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise server 12 SP3
1.8.22-29.24.1
fixed
suse enterprise server 12 SP4
1.8.22-29.24.1
fixed
suse enterprise server 12 SP5
1.8.22-38.1
fixed
suse enterprise server 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP7
1.12.2-150400.18.5.1
fixed
libdbus-1-3-32bit
suse enterprise desktop 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise desktop 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise desktop 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise sap 12 SP5
1.8.22-38.1
fixed
suse enterprise sap 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise sap 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise sap 15 SP7
1.12.2-150400.18.5.1
fixed
suse enterprise server 12 SP3
1.8.22-29.24.1
fixed
suse enterprise server 12 SP4
1.8.22-29.24.1
fixed
suse enterprise server 12 SP5
1.8.22-38.1
fixed
suse enterprise server 15 SP1
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP2
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP3
1.12.2-150100.8.14.1
fixed
suse enterprise server 15 SP4
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP5
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP6
1.12.2-150400.18.5.1
fixed
suse enterprise server 15 SP7
1.12.2-150400.18.5.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
dbus
RHEL 8
1:1.12.8-23.el8_7.1
fixed
RHEL 8.6 AUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 E4S
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 EUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 TUS
1:1.12.8-18.el8_6.2
fixed
RHEL 9
1:1.12.20-7.el9_1
fixed
dbus-common
RHEL 8
1:1.12.8-23.el8_7.1
fixed
RHEL 8.6 AUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 E4S
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 EUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 TUS
1:1.12.8-18.el8_6.2
fixed
RHEL 9
1:1.12.20-7.el9_1
fixed
dbus-daemon
RHEL 8
1:1.12.8-23.el8_7.1
fixed
RHEL 8.6 AUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 E4S
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 EUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 TUS
1:1.12.8-18.el8_6.2
fixed
RHEL 9
1:1.12.20-7.el9_1
fixed
dbus-devel
RHEL 8
1:1.12.8-23.el8_7.1
fixed
RHEL 8.6 AUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 E4S
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 EUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 TUS
1:1.12.8-18.el8_6.2
fixed
RHEL 9
1:1.12.20-7.el9_1
fixed
dbus-libs
RHEL 8
1:1.12.8-23.el8_7.1
fixed
RHEL 8.6 AUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 E4S
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 EUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 TUS
1:1.12.8-18.el8_6.2
fixed
RHEL 9
1:1.12.20-7.el9_1
fixed
dbus-tools
RHEL 8
1:1.12.8-23.el8_7.1
fixed
RHEL 8.6 AUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 E4S
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 EUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 TUS
1:1.12.8-18.el8_6.2
fixed
RHEL 9
1:1.12.20-7.el9_1
fixed
dbus-x11
RHEL 8
1:1.12.8-23.el8_7.1
fixed
RHEL 8.6 AUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 E4S
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 EUS
1:1.12.8-18.el8_6.2
fixed
RHEL 8.6 TUS
1:1.12.8-18.el8_6.2
fixed
RHEL 9
1:1.12.20-7.el9_1
fixed
Common Weakness Enumeration
References
https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/
https://security.gentoo.org/glsa/202305-08
https://www.openwall.com/lists/oss-security/2022/10/06/1
https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/
https://security.gentoo.org/glsa/202305-08
https://www.openwall.com/lists/oss-security/2022/10/06/1