Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3834

Severity: 2.1 LOW
EPSS: 1.9% (top 16.99%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Oct 7
Latest update: May 2

Description

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages (3 packages)

Debian: dbus < 1.2.1-4+3
NVD: freedesktop/dbus 1.1.4+39
NVD: freedesktop/dbus 1.0rc1, rc2, rc3+2

🔴 Vulnerability Details (3)

GHSA
GHSA-mwh5-h5c7-v5xw: The dbus_signature_validate function in the D-bus library (libdbus) before 1 (2022-05-02)
CVEList
CVE-2008-3834: The dbus_signature_validate function in the D-bus library (libdbus) before 1 (2008-10-07)
OSV
CVE-2008-3834: The dbus_signature_validate function in the D-bus library (libdbus) before 1 (2008-10-07)

💥 Exploits & PoCs (1)

Exploit-DB
D-Bus Daemon < 1.2.4 - 'libdbus' Denial of Service (2009-01-19)

📋 Vendor Advisories (5)

Red Hat
dbus: invalid signatures verified as valid due to improper fix for CVE-2008-3834 (2015-02-06)
Red Hat
dbus: invalid fix for CVE-2008-3834 (2009-04-16)
Ubuntu
D-Bus vulnerabilities (2008-10-14)
Red Hat
dbus denial of service (2008-09-27)
Debian
CVE-2008-3834: dbus - The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4... (2008)

💬 Community (3)

Bugzilla
CVE-2009-1193 dbus: invalid signatures verified as valid due to improper fix for CVE-2008-3834 (2009-04-22)
Bugzilla
CVE-2009-1189 dbus: invalid fix for CVE-2008-3834 (2009-04-20)
Bugzilla
CVE-2008-3834 dbus denial of service (2008-09-29)