Fluid Attacks Database

Description

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar cases. Clients can intercept D-Bus messages they should not have access to. This vulnerability is fixed in 0.1.7.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	xdg-dbus-proxy	=0.1.2-2 \|\| >=0 <0.1.2-2+deb11u1	0.1.2-2+deb11u1
rpm rhel10	xdg-dbus-proxy	-	-
debian 14	xdg-dbus-proxy	=0.1.6-1 \|\| =0.1.6-2 \|\| >=0 <0.1.7-1	0.1.7-1
debian 12	xdg-dbus-proxy	=0.1.4-3 \|\| >=0 <0.1.4-3+deb12u1	0.1.4-3+deb12u1
debian 13	xdg-dbus-proxy	=0.1.6-1 \|\| >=0 <0.1.6-1+deb13u1	0.1.6-1+deb13u1
rpm rhel9	xdg-dbus-proxy	-	-

Aliases

1. CVE-2026-340802. NVD-2026-340803. OSV-DEBIAN-2026-340804. OSV-2026-340805. SECURITY-TRACKER-CVE-2026-34080

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.