CVE-2013-2168

Published: Jul 3, 2013Modified: Apr 29, 2026

1.9

Vector

AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 3.4 / Impact: 2.9

Source: NVD

Description

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

Affected (22)

Products: Freedesktop: Dbus · Opensuse: Opensuse

1 product

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Freedesktop Dbus	Version 1.4.0
Freedesktop Dbus	Version 1.4.10
Freedesktop Dbus	Version 1.4.12
Freedesktop Dbus	Version 1.4.14
Freedesktop Dbus	Version 1.4.16
Freedesktop Dbus	Version 1.4.18
Freedesktop Dbus	Version 1.4.1
Freedesktop Dbus	Version 1.4.20
Freedesktop Dbus	Version 1.4.24
Freedesktop Dbus	Version 1.4.4
Freedesktop Dbus	Version 1.4.6
Freedesktop Dbus	Version 1.4.8

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Freedesktop Dbus	Version 1.7.0
Freedesktop Dbus	Version 1.7.2

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Freedesktop Dbus	Version 1.6.0
Freedesktop Dbus	Version 1.6.10
Freedesktop Dbus	Version 1.6.16
Freedesktop Dbus	Version 1.6.2
Freedesktop Dbus	Version 1.6.4
Freedesktop Dbus	Version 1.6.6
Freedesktop Dbus	Version 1.6.8

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (32)

http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html

Source: secalert@redhat.com

http://lists.freedesktop.org/archives/dbus/2013-June/015696.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

Source: secalert@redhat.com

http://secunia.com/advisories/53317

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/53832

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2013/dsa-2707

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:177

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/06/13/2

Source: secalert@redhat.com

http://www.securityfocus.com/bid/60546

Source: secalert@redhat.com

http://www.securitytracker.com/id/1028667

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1874-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=974109

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881

Source: secalert@redhat.com

http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.freedesktop.org/archives/dbus/2013-June/015696.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/53317

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/53832

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2013/dsa-2707

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:177

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/06/13/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/60546

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1028667

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1874-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=974109

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.