Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2014-3638

Published: 22/09/2014 Updated: 27/12/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to D-bus Project

Vulnerability Summary

The bus_connections_check_reply function in config-parser.c in D-Bus prior to 1.6.24 and 1.8.x prior to 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

d-bus project d-bus

freedesktop dbus 1.6.4

freedesktop dbus 1.6.0

freedesktop dbus 1.8.0

freedesktop dbus 1.6.20

freedesktop dbus 1.6.10

freedesktop dbus 1.6.12

freedesktop dbus 1.6.16

freedesktop dbus 1.6.8

freedesktop dbus 1.6.14

freedesktop dbus 1.6.6

freedesktop dbus 1.8.6

freedesktop dbus 1.6.18

freedesktop dbus 1.8.4

freedesktop dbus 1.8.2

freedesktop dbus 1.6.2

opensuse opensuse 12.3

Vendor Advisories

Ubuntu Security Notice: dbus vulnerabilities
Several security issues were fixed in DBus ...
Debian Security Advisories: DSA-3026-1 dbus -- security update
Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon CVE-2014-3635 On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution CVE-2014-3636 A denial-of-service vulnerab ...
Red Hat: CVE-2014-3638
The bus_connections_check_reply function in config-parserc in D-Bus before 1624 and 18x before 188 allows local users to cause a denial of service (CPU consumption) via a large number of method calls ...

References

CWE-399http://www.openwall.com/lists/oss-security/2014/09/16/9http://secunia.com/advisories/61378https://bugs.freedesktop.org/show_bug.cgi?id=81053http://www.debian.org/security/2014/dsa-3026http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.htmlhttp://www.ubuntu.com/usn/USN-2352-1http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:176http://advisories.mageia.org/MGASA-2014-0395.htmlhttp://www.securitytracker.com/id/1030864http://secunia.com/advisories/61431https://usn.ubuntu.com/2352-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-3638
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook