Lucene search

PRIOn knowledge basePRION:CVE-2014-3635

HistorySep 22, 2014 - 3:55 p.m.

Heap overflow

2014-09-2215:55:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.

CPENameOperatorVersion
d-busle1.6.22
dbuseq1.6.4
dbuseq1.6.0
dbuseq1.8.0
dbuseq1.6.20
dbuseq1.6.10
dbuseq1.6.12
dbuseq1.6.16
dbuseq1.6.8
dbuseq1.6.14

Name	Operator	Version
d-bus	le	1.6.22
dbus	eq	1.6.4
dbus	eq	1.6.0
dbus	eq	1.8.0
dbus	eq	1.6.20
dbus	eq	1.6.10
dbus	eq	1.6.12
dbus	eq	1.6.16
dbus	eq	1.6.8
dbus	eq	1.6.14

Rows per page:

1-10 of 171

References

advisories.mageia.org/MGASA-2014-0395.html

lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

secunia.com/advisories/61378

www.debian.org/security/2014/dsa-3026

www.mandriva.com/security/advisories?name=MDVSA-2015:176

www.openwall.com/lists/oss-security/2014/09/16/9

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securitytracker.com/id/1030864

www.ubuntu.com/usn/USN-2352-1

bugs.freedesktop.org/show_bug.cgi?id=83622