CVE-2022-42012

Name: CVE-2022-42012
Description: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
NVD Severity: unknown

References

| Type | URI |
|---|---|
| CONFIRM | https://www.openwall.com/lists/oss-security/2022/10/06/1 |
| MISC | https://gitlab.freedesktop.org/dbus/dbus/-/issues/417 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/ |
| GENTOO | https://security.gentoo.org/glsa/202305-08 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= 1.15.0 | < 1.15.2 |
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= 1.13.0 | < 1.14.4 |
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= 1.12.0 | < 1.12.24 |
| cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:* | d-bus | >= None | < 1.12.24 |
| cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* | dbus | >= None | < 1.12.24 |
| cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* | dbus | >= 1.13.0 | < 1.14.4 |
| cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* | dbus | >= 1.15.0 | < 1.15.2 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| dbus | 3.14-main | 1.12.24-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| dbus | 3.13-main | 1.12.24-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |