cbcvebase.
CVE-2022-42011
published 2022-10-10

CVE-2022-42011: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and…

medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Affected

18 ranges
VendorProductVersion rangeFixed in
debiandbus< dbus 1.14.4-1 (bookworm)dbus 1.14.4-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
freedesktopdbus< 1.12.241.12.24
freedesktopdbus>= 0 < 1.12.24-0+deb11u11.12.24-0+deb11u1
freedesktopdbus>= 0 < 1.14.4-11.14.4-1
freedesktopdbus>= 0 < 1.14.4-11.14.4-1
freedesktopdbus>= 0 < 1.14.4-11.14.4-1
freedesktopdbus>= 0 < 1.12.2-1ubuntu1.41.12.2-1ubuntu1.4
freedesktopdbus>= 0 < 1.12.16-2ubuntu2.31.12.16-2ubuntu2.3
freedesktopdbus>= 0 < 1.12.20-2ubuntu4.11.12.20-2ubuntu4.1
freedesktopdbus>= 0 < 1.6.18-0ubuntu4.5+esm31.6.18-0ubuntu4.5+esm3
freedesktopdbus>= 0 < 1.10.6-1ubuntu3.6+esm21.10.6-1ubuntu3.6+esm2
freedesktopdbus>= 1.13.0 < 1.14.41.14.4
freedesktopdbus>= 1.15.0 < 1.15.21.15.2
msrccbl2_dbus_1.15.2-2_on_cbl_mariner_2.0
msrccm1_dbus_1.13.6-6_on_cbl_mariner_1.0

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM