CVE-2022-42011

Name
CVE-2022-42011
Description
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
NVD Severity
unknown

References

| Type | URI |
|---|---|
| CONFIRM | https://www.openwall.com/lists/oss-security/2022/10/06/1 |
| MISC | https://gitlab.freedesktop.org/dbus/dbus/-/issues/413 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/ |
| GENTOO | https://security.gentoo.org/glsa/202305-08 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= 1.15.0 | < 1.15.2 |
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= 1.13.0 | < 1.14.4 |
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= 1.12.0 | < 1.12.24 |
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= None | < 1.12.24 |
| cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* | dbus | >= None | < 1.12.24 |
| cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* | dbus | >= 1.13.0 | < 1.14.4 |
| cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* | dbus | >= 1.15.0 | < 1.15.2 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| dbus | 3.14-main | 1.12.24-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| dbus | 3.13-main | 1.12.24-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |