CVE-2014-3533

CWE-20 — Improper Input Validation12 documents8 sources

Severity

2.1LOW

EPSS

0.1%

top 74.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Freedesktop Dbus Mageia Project Mageia +1 more

Timeline

PublishedJul 19

Latest updateMay 14

Description

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶Debiandbus< 1.8.6-1+3

▶Ubuntudbus< 1.6.18-0ubuntu4.1

▶NVDfreedesktop/dbus34 versions+33

▶NVDopensuse/opensuse12.3

▶NVDmageia_project/mageia3, 4+1

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-gf7v-52mw-wwh2: dbus 1↗2022-05-14

▶

OSV

CVE-2014-3533: dbus 1↗2014-07-19

▶

CVEList

CVE-2014-3533: dbus 1↗2014-07-19

▶

OSV

dbus vulnerabilities↗2014-07-08

▶

📋Vendor Advisories

Ubuntu

DBus vulnerabilities↗2014-07-08

▶

Red Hat

dbus: denial of service when forwarding invalid file descriptors↗2014-07-02

▶

Debian

CVE-2014-3533: dbus - dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a de...↗2014

▶

💬Community

Bugzilla

CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [fedora-all]↗2014-07-02

▶

Bugzilla

CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]↗2014-07-02

▶

Bugzilla

CVE-2014-3533 CVE-2014-3532 mingw-dbus: various flaws [epel-7]↗2014-07-02

▶

Bugzilla

CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors↗2014-06-30

▶