CVE-2014-3635

Published: Sep 22, 2014Modified: May 6, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.

Affected (17)

Products: D Bus Project: D Bus · Freedesktop: Dbus · Opensuse: Opensuse

1 product

1 product

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
D Bus Project D Bus	Up to 1.6.22
Freedesktop Dbus	Version 1.6.0
Freedesktop Dbus	Version 1.6.10
Freedesktop Dbus	Version 1.6.12
Freedesktop Dbus	Version 1.6.14
Freedesktop Dbus	Version 1.6.16
Freedesktop Dbus	Version 1.6.18
Freedesktop Dbus	Version 1.6.20
Freedesktop Dbus	Version 1.6.2
Freedesktop Dbus	Version 1.6.4
Freedesktop Dbus	Version 1.6.6
Freedesktop Dbus	Version 1.6.8
Freedesktop Dbus	Version 1.8.0
Freedesktop Dbus	Version 1.8.2
Freedesktop Dbus	Version 1.8.4
Freedesktop Dbus	Version 1.8.6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://advisories.mageia.org/MGASA-2014-0395.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

Source: secalert@redhat.com

http://secunia.com/advisories/61378

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3026

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:176

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/09/16/9

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: secalert@redhat.com

http://www.securitytracker.com/id/1030864

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2352-1

Source: secalert@redhat.com

https://bugs.freedesktop.org/show_bug.cgi?id=83622

Source: secalert@redhat.com

Patch

http://advisories.mageia.org/MGASA-2014-0395.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61378

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3026

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:176

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/09/16/9

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030864

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2352-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.freedesktop.org/show_bug.cgi?id=83622

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.