The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) prior to 1.2.14 uses incorrect logic to validate a basic type, which allows remote malicious users to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
freedesktop dbus 0.13 |
||
freedesktop dbus 0.60 |
||
freedesktop dbus 1.1.2 |
||
freedesktop dbus 0.34 |
||
freedesktop dbus 0.92 |
||
freedesktop dbus 0.50 |
||
freedesktop dbus |
||
freedesktop dbus 0.35.1 |
||
freedesktop dbus 0.5 |
||
freedesktop dbus 0.36.1 |
||
freedesktop dbus 0.33 |
||
freedesktop dbus 1.0 |
||
freedesktop dbus 0.10 |
||
freedesktop dbus 0.11 |
||
freedesktop dbus 1.1.0 |
||
freedesktop dbus 0.2 |
||
freedesktop dbus 1.0.2 |
||
freedesktop dbus 1.1.20 |
||
freedesktop dbus 0.9 |
||
freedesktop dbus 1.2.1 |
||
freedesktop dbus 0.23.2 |
||
freedesktop dbus 0.35 |
||
freedesktop dbus 0.91 |
||
freedesktop dbus 0.6 |
||
freedesktop dbus 0.8 |
||
freedesktop dbus 0.36 |
||
freedesktop dbus 0.32 |
||
freedesktop dbus 0.22 |
||
freedesktop dbus 1.1.1 |
||
freedesktop dbus 0.4 |
||
freedesktop dbus 0.61 |
||
freedesktop dbus 0.21 |
||
freedesktop dbus 0.35.2 |
||
freedesktop dbus 0.23.3 |
||
freedesktop dbus 0.20 |
||
freedesktop dbus 0.7 |
||
freedesktop dbus 0.1 |
||
freedesktop dbus 0.62 |
||
freedesktop dbus 0.23.1 |
||
freedesktop dbus 0.3 |
||
freedesktop dbus 0.12 |
||
freedesktop dbus 0.90 |
||
freedesktop dbus 1.1.4 |
||
freedesktop dbus 0.36.2 |
||
freedesktop dbus 0.23 |
||
freedesktop dbus 0.31 |
Vulmon