CVE-2014-3532

CWE-20 — Improper Input Validation12 documents8 sources

Severity

2.1LOW

EPSS

0.1%

top 68.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Dbus Debian Debian Linux Mageia Mageia +2 more

Timeline

PublishedJul 19

Latest updateMay 13

Description

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages6 packages

▶NVDfreedesktop/dbus1.3.0 — 1.6.22+1

▶Debiandbus< 1.8.6-1+3

▶Ubuntudbus< 1.6.18-0ubuntu4.1

▶NVDmageia/mageia3.0, 4.0+1

▶NVDoracle/solaris11.3

Also affects: Debian Linux 7.0

Patches

Patch: bugs.freedesktop.org ↗Patch: bugs.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-7x26-2rv5-r99f: dbus 1↗2022-05-13

▶

OSV

CVE-2014-3532: dbus 1↗2014-07-19

▶

CVEList

CVE-2014-3532: dbus 1↗2014-07-19

▶

OSV

dbus vulnerabilities↗2014-07-08

▶

📋Vendor Advisories

Ubuntu

DBus vulnerabilities↗2014-07-08

▶

Red Hat

dbus: denial of service in file descriptor passing feature↗2014-07-02

▶

Debian

CVE-2014-3532: dbus - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc...↗2014

▶

💬Community

Bugzilla

CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [fedora-all]↗2014-07-02

▶

Bugzilla

CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]↗2014-07-02

▶

Bugzilla

CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [epel-7]↗2014-07-02

▶

Bugzilla

CVE-2014-3532 dbus: denial of service in file descriptor passing feature↗2014-06-30

▶