CVE-2014-3636

CWE-39916 documents8 sources
Severity
1.9LOW
EPSS
0.1%
top 73.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
D-bus Project D-busFreedesktop DbusOpensuse Opensuse
Timeline
PublishedOct 25
Latest updateMay 14

Description

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

Debiandbus< 1.8.8-1+3
NVDfreedesktop/dbus4 versions+3

Patches

Patch: bugs.freedesktop.orgPatch: bugs.freedesktop.org

🔴Vulnerability Details

4
GHSA
GHSA-vh38-h8j6-grqm: D-Bus 12022-05-14
OSV
CVE-2014-3636: D-Bus 12014-10-25
CVEList
CVE-2014-3636: D-Bus 12014-10-25
OSV
dbus vulnerabilities2014-09-22

📋Vendor Advisories

3
Ubuntu
DBus vulnerabilities2014-09-22
Red Hat
dbus: denial of service by queuing or splitting file descriptors2014-09-16
Debian
CVE-2014-3636: dbus - D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local user...2014

💬Community

8
Bugzilla
CVE-2014-7824 dbus: local denial of service via incomplete fix for CVE-2014-3636 [fedora-all]2014-12-12
Bugzilla
CVE-2014-7824 mingw-dbus: dbus: local denial of service via incomplete fix for CVE-2014-3636 [fedora-all]2014-12-12
Bugzilla
CVE-2014-7824 dbus: local denial of service via incomplete fix for CVE-2014-36362014-12-12
Bugzilla
CVE-2014-7824 mingw-dbus: dbus: local denial of service via incomplete fix for CVE-2014-3636 [epel-7]2014-12-12
Bugzilla
CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [fedora-all]2014-09-17
CVE-2014-3636 (LOW CVSS 1.9) | D-Bus 1.3.0 through 1.6.x before 1. | cvebase.io