Debian Dbus vulnerabilities
28 known vulnerabilities affecting debian/dbus.
Total CVEs: 28
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 8, LOW 17
Vulnerabilities
Page 1 of 2
CVE-2023-34969 | MEDIUM | CVSS 6.5 | fixed in dbus 1.14.8-1~deb12u1 (bookworm) | 2023
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyab
CVE-2022-42011 | MEDIUM | CVSS 6.5 | fixed in dbus 1.14.4-1 (bookworm) | 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
Scope: local
bookworm: resolved (fixed in 1.14.4-1)
bullseye: resolved
CVE-2022-42012 | MEDIUM | CVSS 6.5 | fixed in dbus 1.14.4-1 (bookworm) | 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Scope: local
bookworm: resolved (fixed in 1.14.4-1)
bullseye: resolved (fixed in 1.12.24-0+
CVE-2022-42010 | MEDIUM | CVSS 6.5 | fixed in dbus 1.14.4-1 (bookworm) | 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
Scope: local
bookworm: resolved (fixed in 1.14.4-1)
bullseye: resolved (fixed in 1.12.24-0+deb11u1)
forky
CVE-2020-35512 | HIGH | CVSS 7.8 | fixed in dbus 1.12.20-1 (bookworm) | 2020
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the othe
CVE-2020-12049 | MEDIUM | CVSS 5.5 | fixed in dbus 1.12.18-1 (bookworm) | 2020
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limi
CVE-2019-12749 | HIGH | CVSS 7.1 | fixed in dbus 1.12.16-1 (bookworm) | 2019
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechani
CVE-2015-0245 | LOW | CVSS 1.9 | fixed in dbus 1.8.16-1 (bookworm) | 2015
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
Scope: local
bookworm: resolved (fixe
CVE-2014-3635 | MEDIUM | CVSS 4.4 | fixed in dbus 1.8.8-1 (bookworm) | 2014
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overf
CVE-2014-7824 | LOW | CVSS 1.9 | fixed in dbus 1.8.10-1 (bookworm) | 2014
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
Scope: local
bookworm: resolved (fixed in 1.8.10-1)
bull
CVE-2014-3638 | LOW | CVSS 2.1 | fixed in dbus 1.8.8-1 (bookworm) | 2014
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
Scope: local
bookworm: resolved (fixed in 1.8.8-1)
bullseye: resolved (fixed in 1.8.8-1)
forky: resolved (fixed in 1.8.8-1)
sid: resolved (fixed in 1.8.8-1)
trixie: r
CVE-2014-3636 | LOW | CVSS 1.9 | fixed in dbus 1.8.8-1 (bookworm) | 2014
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendms
CVE-2014-3533 | LOW | CVSS 2.1 | fixed in dbus 1.8.6-1 (bookworm) | 2014
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.
Scope: local
bookworm: resolved (fixed in 1.8.6-1)
bullseye: resolved (fixed in 1.8.6-1)
forky: resolved (fixed in 1.8.6-1)
sid: resolv
CVE-2014-3532 | LOW | CVSS 2.1 | fixed in dbus 1.8.6-1 (bookworm) | 2014
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
Scope: local
bookworm: resolved (fixed in
CVE-2014-3637 | LOW | CVSS 2.1 | fixed in dbus 1.8.8-1 (bookworm) | 2014
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.
Scope: local
bookworm: resolved (fixed in 1.8.8-1)
bullseye: resolved (fixed in 1.8.8-1)
forky: resolved (fixed in 1.8
CVE-2014-3639 | LOW | CVSS 2.1 | fixed in dbus 1.8.8-1 (bookworm) | 2014
The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.
Scope: local
bookworm: resolved (fixed in 1.8.8-1)
bullseye: resolved (fixed in 1.8.8-1)
forky: resol
CVE-2014-3477 | LOW | CVSS 4.0 | fixed in dbus 1.8.4-1 (bookworm) | 2014
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an ina
CVE-2013-2168 | LOW | CVSS 1.9 | fixed in dbus 1.6.12-1 (bookworm) | 2013
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
Scope: local
bookworm: resolved (fixed in 1.6.12-1)
bullseye: resolved (fixed in 1.6.12-1)
forky: resolved (fixed in 1.6.12-1)
si
CVE-2012-3524 | MEDIUM | CVSS 6.9 | PoC available | fixed in dbus 1.6.8-1 (bookworm) | 2012
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus
CVE-2011-2533 | LOW | CVSS 3.3 | fixed in dbus 1.3.2~git20100715.821f99c-1 (bookworm) | 2011
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
Scope: local
bookworm: resolved (fixed in 1.3.2~git20100715.821f99c-1)
bullseye: resolved (fixed in 1.3.2~git20100715.821f99c-1)
forky: resolved (fixed in 1.3.2~git20100715.821f99c-1)
sid: resolved (fixed in 1.3