CVE Vulnerabilities

CVE-2022-42012

Published: Oct 10, 2022 | Modified: Dec 27, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Affected Software

Name Vendor Start Version End Version
Dbus Freedesktop * 1.12.24 (excluding)
Dbus Freedesktop 1.13.0 (including) 1.14.4 (excluding)
Dbus Freedesktop 1.15.0 (including) 1.15.2 (excluding)
Red Hat Enterprise Linux 8 RedHat dbus-1:1.12.8-23.el8_7.1 *
Red Hat Enterprise Linux 8 RedHat dbus-1:1.12.8-23.el8_7.1 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat dbus-1:1.12.8-18.el8_6.2 *
Red Hat Enterprise Linux 9 RedHat dbus-1:1.12.20-7.el9_1 *
Red Hat Enterprise Linux 9 RedHat dbus-1:1.12.20-7.el9_1 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat dbus-1:1.12.20-5.el9_0.1 *
Dbus Ubuntu bionic *
Dbus Ubuntu esm-infra/xenial *
Dbus Ubuntu focal *
Dbus Ubuntu jammy *
Dbus Ubuntu kinetic *
Dbus Ubuntu lunar *
Dbus Ubuntu trusty *
Dbus Ubuntu trusty/esm *
Dbus Ubuntu upstream *
Dbus Ubuntu xenial *

References