CVE-2013-2168

CWE-20 — Improper Input Validation9 documents8 sources

Severity

1.9LOW

EPSS

0.1%

top 74.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Dbus Opensuse Opensuse

Timeline

PublishedJul 3

Latest updateMay 14

Description

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages3 packages

▶Debiandbus< 1.6.12-1+3

▶NVDfreedesktop/dbus21 versions+20

▶NVDopensuse/opensuse12.3

🔴Vulnerability Details

GHSA

GHSA-c26p-366m-4xv6: The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix↗2022-05-14

▶

OSV

CVE-2013-2168: The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix↗2013-07-03

▶

CVEList

CVE-2013-2168: The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix↗2013-07-03

▶

📋Vendor Advisories

Red Hat

dbus: Crash of system services that use libdbus (DoS) due to non-portable use of va_list in UNIX format string wrapper↗2013-06-13

▶

Ubuntu

DBus vulnerability↗2013-06-13

▶

Debian

CVE-2013-2168: dbus - The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bu...↗2013

▶

💬Community

Bugzilla

CVE-2013-2168 dbus: Crash of system services that use libdbus (DoS) due to non-portable use of va_list in UNIX format string wrapper [fedora-18]↗2013-06-13

▶

Bugzilla

CVE-2013-2168 dbus: Crash of system services that use libdbus (DoS) due to non-portable use of va_list in UNIX format string wrapper↗2013-06-13

▶