CVE-2022-42012
Summary
| CVE | CVE-2022-42012 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-10 00:15:00 UTC |
| Updated | 2023-12-27 16:49:00 UTC |
| Description | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | D-bus Project | D-bus | All | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Application | Freedesktop | Dbus | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - dbus denial of service: CVE-2022-42010, -42011, -42012 | CONFIRM | www.openwall.com | |
| [SECURITY] Fedora 35 Update: dbus-1.12.24-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: dbus-1.12.24-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: dbus-1.14.4-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: dbus-1.14.4-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: dbus-1.14.4-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE-2022-42012: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly (#417) · Issues · dbus / dbus · GitLab | MISC | gitlab.freedesktop.org | |
| D-Bus: Multiple Vulnerabilities (GLSA 202305-08) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 36 Update: dbus-1.14.4-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160384 Oracle Enterprise Linux Security Update for dbus (ELSA-2023-0096)
- 160412 Oracle Enterprise Linux Security Update for dbus (ELSA-2023-0335)
- 181115 Debian Security Update for dbus (DSA 5250-1)
- 181123 Debian Security Update for dbus (DLA 3142-1)
- 184625 Debian Security Update for dbus (CVE-2022-42012)
- 199010 Ubuntu Security Notification for DBus Vulnerabilities (USN-5704-1)
- 240961 Red Hat Update for dbus (RHSA-2022:8812)
- 241006 Red Hat Update for dbus (RHSA-2022:8977)
- 241057 Red Hat Update for dbus (RHSA-2023:0096)
- 241099 Red Hat Update for dbus (RHSA-2023:0335)
- 283203 Fedora Security Update for dbus (FEDORA-2022-076544c8aa)
- 283245 Fedora Security Update for dbus (FEDORA-2022-7a963a79d1)
- 354432 Amazon Linux Security Advisory for dbus : ALAS2022-2022-260
- 354545 Amazon Linux Security Advisory for dbus : ALAS-2022-260
- 354850 Amazon Linux Security Advisory for dbus : ALAS2-2023-2006
- 354898 Amazon Linux Security Advisory for dbus : ALAS-2023-1730
- 355277 Amazon Linux Security Advisory for dbus : ALAS2023-2023-100
- 377951 Alibaba Cloud Linux Security Update for dbus (ALINUX3-SA-2023:0013)
- 502525 Alpine Linux Security Update for dbus
- 502528 Alpine Linux Security Update for dbus
- 503892 Alpine Linux Security Update for dbus
- 6140324 AWS Bottlerocket Security Update for libdbus (GHSA-rr99-8x9w-6hr2)
- 672415 EulerOS Security Update for dbus (EulerOS-SA-2022-2791)
- 672492 EulerOS Security Update for dbus (EulerOS-SA-2023-1031)
- 672506 EulerOS Security Update for dbus (EulerOS-SA-2023-1006)
- 672540 EulerOS Security Update for dbus (EulerOS-SA-2023-1120)
- 672562 EulerOS Security Update for dbus (EulerOS-SA-2023-1096)
- 672624 EulerOS Security Update for dbus (EulerOS-SA-2023-1380)
- 672637 EulerOS Security Update for dbus (EulerOS-SA-2023-1352)
- 672743 EulerOS Security Update for dbus (EulerOS-SA-2023-1497)
- 710706 Gentoo Linux D-Bus Multiple Vulnerabilities (GLSA 202305-08)
- 752741 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:3806-1)
- 752742 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:3805-1)
- 752743 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:3804-1)
- 752939 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2022:4295-1)
- 904170 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11090)
- 904172 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11093)
- 904396 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11093-1)
- 905485 Common Base Linux Mariner (CBL-Mariner) Security Update for dbus (11090-1)
- 940872 AlmaLinux Security Update for dbus (ALSA-2023:0096)
- 940907 AlmaLinux Security Update for dbus (ALSA-2023:0335)
- 960484 Rocky Linux Security Update for dbus (RLSA-2023:0096)
- 960513 Rocky Linux Security Update for dbus (RLSA-2023:0335)