D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dbus | Freedesktop | 1.12.0 (including) | 1.12.28 (excluding) |
| Dbus | Freedesktop | 1.14.0 (including) | 1.14.8 (excluding) |
| Dbus | Freedesktop | 1.15.0 (including) | 1.15.6 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | dbus-1:1.12.8-24.el8_8.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | dbus-1:1.12.8-24.el8_8.1 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | dbus-1:1.12.8-18.el8_6.3 | * |
| Red Hat Enterprise Linux 9 | RedHat | dbus-1:1.12.20-7.el9_2.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | dbus-1:1.12.20-7.el9_2.1 | * |
| Dbus | Ubuntu | bionic | * |
| Dbus | Ubuntu | esm-infra/bionic | * |
| Dbus | Ubuntu | esm-infra/xenial | * |
| Dbus | Ubuntu | focal | * |
| Dbus | Ubuntu | jammy | * |
| Dbus | Ubuntu | kinetic | * |
| Dbus | Ubuntu | lunar | * |
| Dbus | Ubuntu | mantic | * |
| Dbus | Ubuntu | trusty | * |
| Dbus | Ubuntu | upstream | * |
| Dbus | Ubuntu | xenial | * |