CVE-2022-42011

dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type

  • Severity Score (CVSS v3.1): 6.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 1
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

An issue was detected in D-Bus versions before 1.12.24, versions 1.13.x and 1.14.x before 1.14.4, and versions 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when they receive a message in which the length of an array is inconsistent with the size of the element type.

A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash when receiving a message whose array length is inconsistent with the size of the element type.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-10-03 CVE Reserved
  • 2022-10-09 CVE Published
  • 2024-05-30 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-129: Improper Validation of Array Index
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor         Product  Version             Other  Status
Freedesktop    Dbus     < 1.12.24           -      Affected
Freedesktop    Dbus     >= 1.13.0 < 1.14.4  -      Affected
Freedesktop    Dbus     >= 1.15.0 < 1.15.2  -      Affected
Fedoraproject  Fedora   35                  -      Affected
Fedoraproject  Fedora   36                  -      Affected
Fedoraproject  Fedora   37                  -      Affected