An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
References
Link | Resource |
---|---|
https://gitlab.freedesktop.org/dbus/dbus/-/issues/413 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/ | Mailing List |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/ | Mailing List |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/ | Mailing List |
https://security.gentoo.org/glsa/202305-08 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/10/06/1 | Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
27 Dec 2023, 16:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/ - Mailing List | |
References | (GENTOO) https://security.gentoo.org/glsa/202305-08 - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/ - Mailing List | |
First Time |
Freedesktop dbus
Freedesktop |
|
CPE | cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
07 Nov 2023, 03:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2022-10-10 00:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-42011
Mitre link : CVE-2022-42011
CVE.ORG link : CVE-2022-42011
JSON object : View
Products Affected
freedesktop
- dbus
fedoraproject
- fedora
CWE
CWE-129
Improper Validation of Array Index