CVE-2022-42010

Summary

CVE	CVE-2022-42010
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-10-10 00:15:00 UTC
Updated	2023-12-27 16:49:00 UTC
Description	An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Risk And Classification

Problem Types: CWE-347

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	D-bus Project	D-bus	All	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Freedesktop	Dbus	All	All	All	All

References

Reference	Source	Link	Tags
oss-security - dbus denial of service: CVE-2022-42010, -42011, -42012	CONFIRM	www.openwall.com
[SECURITY] Fedora 35 Update: dbus-1.12.24-1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 35 Update: dbus-1.12.24-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: dbus-1.14.4-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: dbus-1.14.4-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: dbus-1.14.4-1.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
D-Bus: Multiple Vulnerabilities (GLSA 202305-08) — Gentoo security	GENTOO	security.gentoo.org
CVE-2022-42010: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets (#418) · Issues · dbus / dbus · GitLab	MISC	gitlab.freedesktop.org
[SECURITY] Fedora 36 Update: dbus-1.14.4-1.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160384 Oracle Enterprise Linux Security Update for dbus (ELSA-2023-0096)
160412 Oracle Enterprise Linux Security Update for dbus (ELSA-2023-0335)
181115 Debian Security Update for dbus (DSA 5250-1)
181123 Debian Security Update for dbus (DLA 3142-1)
184292 Debian Security Update for dbus (CVE-2022-42010)
199010 Ubuntu Security Notification for DBus Vulnerabilities (USN-5704-1)
240961 Red Hat Update for dbus (RHSA-2022:8812)
241006 Red Hat Update for dbus (RHSA-2022:8977)
241057 Red Hat Update for dbus (RHSA-2023:0096)
241099 Red Hat Update for dbus (RHSA-2023:0335)
283203 Fedora Security Update for dbus (FEDORA-2022-076544c8aa)
283245 Fedora Security Update for dbus (FEDORA-2022-7a963a79d1)
354432 Amazon Linux Security Advisory for dbus : ALAS2022-2022-260
354545 Amazon Linux Security Advisory for dbus : ALAS-2022-260
354850 Amazon Linux Security Advisory for dbus : ALAS2-2023-2006
354898 Amazon Linux Security Advisory for dbus : ALAS-2023-1730
355277 Amazon Linux Security Advisory for dbus : ALAS2023-2023-100
377951 Alibaba Cloud Linux Security Update for dbus (ALINUX3-SA-2023:0013)
502525 Alpine Linux Security Update for dbus
502528 Alpine Linux Security Update for dbus
503892 Alpine Linux Security Update for dbus
6140345 AWS Bottlerocket Security Update for libdbus (GHSA-2jrr-88f8-fqq6)
672415 EulerOS Security Update for dbus (EulerOS-SA-2022-2791)
672492 EulerOS Security Update for dbus (EulerOS-SA-2023-1031)
672506 EulerOS Security Update for dbus (EulerOS-SA-2023-1006)
672540 EulerOS Security Update for dbus (EulerOS-SA-2023-1120)
672562 EulerOS Security Update for dbus (EulerOS-SA-2023-1096)
672624 EulerOS Security Update for dbus (EulerOS-SA-2023-1380)
672637 EulerOS Security Update for dbus (EulerOS-SA-2023-1352)
672743 EulerOS Security Update for dbus (EulerOS-SA-2023-1497)
710706 Gentoo Linux D-Bus Multiple Vulnerabilities (GLSA 202305-08)
752741 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:3806-1)
752742 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:3805-1)
752743 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:3804-1)
752939 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:4295-1)
904168 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11088)
904174 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11091)
904407 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11091-1)
905471 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11088-1)
940872 AlmaLinux Security Update for dbus (ALSA-2023:0096)
940907 AlmaLinux Security Update for dbus (ALSA-2023:0335)
960484 Rocky Linux Security Update for dbus (RLSA-2023:0096)
960513 Rocky Linux Security Update for dbus (RLSA-2023:0335)