CVE-2014-3477

11 documents8 sources
Severity
4.0MEDIUM
EPSS
0.1%
top 75.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-bus Project D-busFreedesktop Dbus
Timeline
PublishedJul 1
Latest updateMay 17

Description

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.5 | Impact: 1.4

Affected Packages4 packages

Debiandbus< 1.8.4-1+3
Ubuntudbus< 1.6.18-0ubuntu4.1
NVDfreedesktop/dbus44 versions+43
NVDd-bus_project/d-bus1.2.4.2, 1.2.4.4, 1.2.4.6+2

Patches

Patch: cgit.freedesktop.orgPatch: seclists.orgPatch: cgit.freedesktop.org

🔴Vulnerability Details

4
GHSA
GHSA-qj2p-fqqf-6x63: The dbus-daemon in D-Bus 12022-05-17
OSV
dbus vulnerabilities2014-07-08
OSV
CVE-2014-3477: The dbus-daemon in D-Bus 12014-07-01
CVEList
CVE-2014-3477: The dbus-daemon in D-Bus 12014-07-01

📋Vendor Advisories

3
Ubuntu
DBus vulnerabilities2014-07-08
Red Hat
dbus: denial of service flaw in dbus-daemon2014-06-10
Debian
CVE-2014-3477: dbus - The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x bef...2014

💬Community

3
Bugzilla
CVE-2014-3477 mingw-dbus: dbus: denial of service flaw in dbus-daemon [fedora-all]2014-07-08
Bugzilla
CVE-2014-3477 dbus: denial of service flaw in dbus-daemon [fedora-all]2014-06-11
Bugzilla
CVE-2014-3477 dbus: denial of service flaw in dbus-daemon2014-06-04
CVE-2014-3477 (MEDIUM CVSS 4) | The dbus-daemon in D-Bus 1.2.x thro | cvebase.io