ALT-PU-2024-3680-3

BDU:2022-06389

MEDIUM6.5

Уязвимость системы межпроцессного взаимодействия D-Bus, связанная с достижимостью утверждения в отладочных сборках, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-10-21Modified: 2025-03-05

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-42010

BDU:2022-06391

MEDIUM6.5

Уязвимость системы межпроцессного взаимодействия D-Bus, связанная с ошибкой использования памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-10-21Modified: 2025-03-05

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-42012

BDU:2022-06394

MEDIUM6.5

Уязвимость системы межпроцессного взаимодействия D-Bus, связанная с граничной ошибкой, вызванной недопустимым массивом элементов фиксированной длины, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-10-21Modified: 2025-03-05

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2022-42011

BDU:2024-02756

MEDIUM6.5

Уязвимость системы межпроцессорного взаимодействия D-Bus, связанная с ошибками контроля доступа, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-04-09Modified: 2025-03-05

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2023-34969

CVE-2022-42010

MEDIUM6.5

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Published: 2022-10-10Modified: 2025-06-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-42011

MEDIUM6.5

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Published: 2022-10-10Modified: 2025-06-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2022-42012

MEDIUM6.5

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Published: 2022-10-10Modified: 2025-06-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2023-34969

MEDIUM6.5

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

Published: 2023-06-08Modified: 2025-06-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Package update dbus in branch c10f1

Closed issues (8)

Уязвимость системы межпроцессорного взаимодействия D-Bus, связанная с ошибками контроля доступа, позволяющая нарушителю вызвать отказ в обслуживании

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Closed bugs (2)

зависимость на /proc

CVE-2023-34969