CVE-2014-3635

Published: 22/09/2014 Updated: 27/12/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Off-by-one error in D-Bus 1.3.0 up to and including 1.6.x prior to 1.6.24 and 1.8.x prior to 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.

Vulnerable Product

d-bus project d-bus

freedesktop dbus 1.6.4

freedesktop dbus 1.6.0

freedesktop dbus 1.8.0

freedesktop dbus 1.6.20

freedesktop dbus 1.6.10

freedesktop dbus 1.6.12

freedesktop dbus 1.6.16

freedesktop dbus 1.6.8

freedesktop dbus 1.6.14

freedesktop dbus 1.6.6

freedesktop dbus 1.8.6

freedesktop dbus 1.6.18

freedesktop dbus 1.8.4

freedesktop dbus 1.8.2

freedesktop dbus 1.6.2

opensuse opensuse 12.3

Vendor Advisories

Several security issues were fixed in DBus ...
Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon. CVE-2014-3635: On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution. CVE-2014-3636: A denial-of-service vulnerab ...
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a he ...