Fluid Attacks Database

Description

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	dbus	>=0 <1.8.6-1	1.8.6-1
debian 13	dbus	>=0 <1.8.6-1	1.8.6-1
debian 11	dbus	>=0 <1.8.6-1	1.8.6-1
debian 14	dbus	>=0 <1.8.6-1	1.8.6-1
rpm rhel5	dbus	-	-
rpm rhel7	dbus	-	-
rpm rhel6	dbus	-	-

Aliases

1. CVE-2014-35322. NVD-2014-35323. OSV-DEBIAN-2014-35324. OSV-2014-35325. SECURITY-TRACKER-CVE-2014-3532

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.