PRIOn knowledge basePRION:CVE-2023-34969

HistoryJun 08, 2023 - 3:15 a.m.

Denial of service

2023-06-0803:15:00

PRIOn knowledge base

www.prio-n.com

denial of service

d-bus 1.15.6

unprivileged user

crash dbus-daemon

org.freedesktop.dbus.monitoring

system bus

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.6%

JSON

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

CPENameOperatorVersion
debian_linuxeq10.0
fedoraeq38
dbusge1.15.0
dbuslt1.15.6
dbusge1.14.0
dbuslt1.14.8
dbusge1.12.0
dbuslt1.12.28

Name	Operator	Version
debian_linux	eq	10.0
fedora	eq	38
dbus	ge	1.15.0
dbus	lt	1.15.6
dbus	ge	1.14.0
dbus	lt	1.14.8
dbus	ge	1.12.0
dbus	lt	1.12.28

References

gitlab.freedesktop.org/dbus/dbus/-/issues/457

lists.debian.org/debian-lts-announce/2023/10/msg00033.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/

security.netapp.com/advisory/ntap-20231208-0007/