An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
References
Link | Resource |
---|---|
https://gitlab.freedesktop.org/dbus/dbus/-/issues/418 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/ | Mailing List |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/ | Mailing List |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/ | Mailing List |
https://security.gentoo.org/glsa/202305-08 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2022/10/06/1 | Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
27 Dec 2023, 16:49
Type | Values Removed | Values Added |
---|---|---|
CPE | ||
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/ - Mailing List | |
References | () https://security.gentoo.org/glsa/202305-08 - Third Party Advisory |
27 Dec 2023, 16:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* | |
First Time |
Freedesktop
Freedesktop dbus |
07 Nov 2023, 03:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 May 2023, 12:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Dec 2022, 22:41
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
14 Nov 2022, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2022, 16:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/ - Mailing List, Third Party Advisory |
26 Oct 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Oct 2022, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Oct 2022, 18:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | |
First Time |
D-bus Project
D-bus Project d-bus |
|
References | (CONFIRM) https://www.openwall.com/lists/oss-security/2022/10/06/1 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://gitlab.freedesktop.org/dbus/dbus/-/issues/418 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-347 |
10 Oct 2022, 02:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-10 00:15
Updated : 2023-12-27 16:49
NVD link : CVE-2022-42010
Mitre link : CVE-2022-42010
CVE.ORG link : CVE-2022-42010
JSON object : View
Products Affected
freedesktop
- dbus
fedoraproject
- fedora
CWE
CWE-347
Improper Verification of Cryptographic Signature