CVE-2011-2200

CWE-20Improper Input Validation9 documents8 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 73.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-bus Project D-busFreedesktop Dbus
Timeline
PublishedJun 22
Latest updateMay 17

Description

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

Debiandbus< 1.4.12-1+3
NVDfreedesktop/dbus23 versions+22
NVDd-bus_project/d-bus1.2.4.2, 1.2.4.4, 1.2.4.6+2

Patches

Patch: cgit.freedesktop.orgPatch: cgit.freedesktop.orgPatch: cgit.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-8qh5-rr38-7xjm: The _dbus_header_byteswap function in dbus-marshal-header2022-05-17
OSV
CVE-2011-2200: The _dbus_header_byteswap function in dbus-marshal-header2011-06-22
CVEList
CVE-2011-2200: The _dbus_header_byteswap function in dbus-marshal-header2011-06-22

📋Vendor Advisories

3
Ubuntu
DBus vulnerability2011-07-26
Red Hat
dbus: Local DoS via messages with non-native byte order2011-06-09
Debian
CVE-2011-2200: dbus - The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) ...2011

💬Community

2
Bugzilla
CVE-2011-2200 dbus: Local DoS via messages with non-native byte order2011-06-12
Bugzilla
CVE-2011-2200 dbus: Local DoS via messages with non-native byte order [fedora-all]2011-06-12
CVE-2011-2200 (MEDIUM CVSS 4.6) | The _dbus_header_byteswap function | cvebase.io