CVE-2022-42012
published 2022-10-10CVE-2022-42012: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dbus | < dbus 1.14.4-1 (bookworm) | dbus 1.14.4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| freedesktop | dbus | < 1.12.24 | 1.12.24 |
| freedesktop | dbus | >= 0 < 1.12.24-0+deb11u1 | 1.12.24-0+deb11u1 |
| freedesktop | dbus | >= 0 < 1.14.4-1 | 1.14.4-1 |
| freedesktop | dbus | >= 0 < 1.14.4-1 | 1.14.4-1 |
| freedesktop | dbus | >= 0 < 1.14.4-1 | 1.14.4-1 |
| freedesktop | dbus | >= 0 < 1.12.2-1ubuntu1.4 | 1.12.2-1ubuntu1.4 |
| freedesktop | dbus | >= 0 < 1.12.16-2ubuntu2.3 | 1.12.16-2ubuntu2.3 |
| freedesktop | dbus | >= 0 < 1.12.20-2ubuntu4.1 | 1.12.20-2ubuntu4.1 |
| freedesktop | dbus | >= 0 < 1.6.18-0ubuntu4.5+esm3 | 1.6.18-0ubuntu4.5+esm3 |
| freedesktop | dbus | >= 0 < 1.10.6-1ubuntu3.6+esm2 | 1.10.6-1ubuntu3.6+esm2 |
| freedesktop | dbus | >= 1.13.0 < 1.14.4 | 1.14.4 |
| freedesktop | dbus | >= 1.15.0 < 1.15.2 | 1.15.2 |
| msrc | cbl2_dbus_1.15.2-2_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_dbus_1.13.6-6_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM