Fluid Attacks Database

Description

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	policykit-1	>=0 <0.105-11	0.105-11
debian 11	policykit-1	>=0 <0.105-11	0.105-11
debian 12	policykit-1	>=0 <0.105-11	0.105-11
debian 13	policykit-1	>=0 <0.105-11	0.105-11
rpm rhel7	polkit	-	-

Aliases

1. CVE-2015-32182. NVD-2015-32183. OSV-DEBIAN-2015-32184. OSV-2015-32185. SECURITY-TRACKER-CVE-2015-3218

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.