CVE-2014-3639

CWE-399 CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

2.1LOW

EPSS

0.1%

top 72.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-bus Project D-bus Freedesktop Dbus Opensuse Opensuse

Timeline

PublishedSep 22

Latest updateMay 14

Description

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶Debiandbus< 1.8.8-1+3

▶NVDfreedesktop/dbus15 versions+14

▶NVDd-bus_project/d-bus1.6.22

▶NVDopensuse/opensuse12.3

Patches

Patch: bugs.freedesktop.org ↗Patch: bugs.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-wx34-7xqf-qpp4: The dbus-daemon in D-Bus before 1↗2022-05-14

▶

CVEList

CVE-2014-3639: The dbus-daemon in D-Bus before 1↗2014-09-22

▶

OSV

CVE-2014-3639: The dbus-daemon in D-Bus before 1↗2014-09-22

▶

📋Vendor Advisories

Ubuntu

DBus vulnerabilities↗2014-09-22

▶

Red Hat

dbus: denial of service flaw in incomplete connection handling↗2014-09-16

▶

Debian

CVE-2014-3639: dbus - The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly ...↗2014

▶

💬Community

Bugzilla

CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [fedora-all]↗2014-09-17

▶

Bugzilla

CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 mingw-dbus: various flaws [epel-7]↗2014-09-17

▶

Bugzilla

CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]↗2014-09-17

▶

Bugzilla

CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling↗2014-09-11

▶