Severity: 6.5 MEDIUM
EPSS: 0.7% (top 28.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 8 | Latest update Sep 14

Description

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | freedesktop/dbus | 1.12.0 | 1.12.28 | +2
Debian | dbus | < 1.12.28-0+deb11u1 | +3

Also affects: Debian Linux 10.0, Fedora 38

Patches

🔴 Vulnerability Details (3)

OSV
CVE-2023-34969: D-Bus before 1 | 2023-06-08
CVEList
CVE-2023-34969: D-Bus before 1 | 2023-06-08
GHSA
GHSA-q652-p9gf-vfq3: D-Bus before 1 | 2023-06-08

📋 Vendor Advisories (4)

Ubuntu
DBus vulnerability | 2023-09-14
Microsoft
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor m | 2023-06-13
Red Hat
dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered | 2023-06-06
Debian
CVE-2023-34969: dbus - D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If... | 2023
CVE-2023-34969 (MEDIUM CVSS 6.5) | D-Bus before 1.15.6 sometimes allow | cvebase.io