An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dbus | Freedesktop | * | 1.12.24 (excluding) |
| Dbus | Freedesktop | 1.13.0 (including) | 1.14.4 (excluding) |
| Dbus | Freedesktop | 1.15.0 (including) | 1.15.2 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | dbus-1:1.12.8-23.el8_7.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | dbus-1:1.12.8-23.el8_7.1 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | dbus-1:1.12.8-18.el8_6.2 | * |
| Red Hat Enterprise Linux 9 | RedHat | dbus-1:1.12.20-7.el9_1 | * |
| Red Hat Enterprise Linux 9 | RedHat | dbus-1:1.12.20-7.el9_1 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | dbus-1:1.12.20-5.el9_0.1 | * |
| Dbus | Ubuntu | bionic | * |
| Dbus | Ubuntu | esm-infra/xenial | * |
| Dbus | Ubuntu | focal | * |
| Dbus | Ubuntu | jammy | * |
| Dbus | Ubuntu | kinetic | * |
| Dbus | Ubuntu | lunar | * |
| Dbus | Ubuntu | trusty | * |
| Dbus | Ubuntu | trusty/esm | * |
| Dbus | Ubuntu | upstream | * |
| Dbus | Ubuntu | xenial | * |