CVE-2015-0245

CWE-362 — Race Condition CWE-28510 documents8 sources

Severity

1.9LOW

EPSS

0.1%

top 74.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Dbus Opensuse Opensuse

Timeline

PublishedFeb 13

Latest updateMay 14

Description

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

▶Debiandbus< 1.8.16-1+3

▶Ubuntudbus< 1.6.18-0ubuntu4.4+1

▶NVDfreedesktop/dbus48 versions+47

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-8jc2-f36v-gc57: D-Bus 1↗2022-05-14

▶

OSV

dbus vulnerabilities↗2016-11-01

▶

CVEList

CVE-2015-0245: D-Bus 1↗2015-02-13

▶

OSV

CVE-2015-0245: D-Bus 1↗2015-02-13

▶

📋Vendor Advisories

Ubuntu

DBus vulnerabilities↗2016-11-01

▶

Red Hat

dbus: denial of service in dbus systemd activation↗2015-02-09

▶

Debian

CVE-2015-0245: dbus - D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1...↗2015

▶

💬Community

Bugzilla

CVE-2015-0245 dbus: denial of service in dbus systemd activation↗2015-01-28

▶