fkie_cve-2013-2168
Vulnerability from fkie_nvd
Published
2013-07-03 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
References
secalert@redhat.comhttp://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
secalert@redhat.comhttp://lists.freedesktop.org/archives/dbus/2013-June/015696.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
secalert@redhat.comhttp://secunia.com/advisories/53317Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/53832Vendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2707
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:177
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/06/13/2
secalert@redhat.comhttp://www.securityfocus.com/bid/60546
secalert@redhat.comhttp://www.securitytracker.com/id/1028667
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1874-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=974109
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
af854a3a-2127-422b-91ae-364da2661108http://lists.freedesktop.org/archives/dbus/2013-June/015696.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53317Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53832Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2707
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:177
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/06/13/2
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/60546
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028667
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1874-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=974109
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881
Impacted products
Vendor Product Version
freedesktop dbus 1.4.0
freedesktop dbus 1.4.1
freedesktop dbus 1.4.4
freedesktop dbus 1.4.6
freedesktop dbus 1.4.8
freedesktop dbus 1.4.10
freedesktop dbus 1.4.12
freedesktop dbus 1.4.14
freedesktop dbus 1.4.16
freedesktop dbus 1.4.18
freedesktop dbus 1.4.20
freedesktop dbus 1.4.24
freedesktop dbus 1.7.0
freedesktop dbus 1.7.2
freedesktop dbus 1.6.0
freedesktop dbus 1.6.2
freedesktop dbus 1.6.4
freedesktop dbus 1.6.6
freedesktop dbus 1.6.8
freedesktop dbus 1.6.10
freedesktop dbus 1.6.16
opensuse opensuse 12.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D95FA2A-9CFB-4B02-A849-36431874AB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B9649-3F37-4700-A900-2D0EDFAB1FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C7FEDA-AE1E-4BD9-8998-9A6C01F80277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71648B78-E1D4-4F74-B029-F6ECE65E84A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3C815C-E979-45DF-AA05-1A2CAF4DF910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E72AD88-640C-4B27-9A56-570151667FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D986A4B-827C-4064-9004-E4D6FA524FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7197910-4381-4D23-85A1-5348D20AAD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1059BE8-1044-4DC7-9B41-E76A56225000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2124D0C2-21A6-4C72-97B9-A53BCDA697DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1646C38B-596F-4614-93FC-0BFB88E9F034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9914C4DF-2B1B-416E-BE8A-274676F8CDA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1962D7CC-418B-4D27-A3D1-03D2AC001AC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F81D07-F1B6-4B99-B80E-BE2D9432F59A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A772FA8-668B-45AC-9813-0B5ADCE91DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E155EB75-8D98-4469-98CB-81A40ABF0D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6AF8D8-6A4E-4A42-A738-84690B6F9FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E598FE36-ABEB-4682-950A-E462CC780F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE224CED-410C-43D8-9220-0AEF5EB49C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24ED739-0B39-4A70-B7E0-8A859759233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22CA4E4-458D-465A-8272-473055A608EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n _dbus_printf_string_upper_bound en dbus/dbus-sysdeps-unix.c en D-Bus (aka DBus) 1.4.x anterior a 1.4.26, 1.6.x anterior a 1.6.12, y 1.7.x anterior a 1.7.4, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio) a trav\u00e9s de un mensaje manipulado."
    }
  ],
  "id": "CVE-2013-2168",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-03T18:55:01.080",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53317"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53832"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2707"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/60546"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1028667"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1874-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.freedesktop.org/archives/dbus/2013-June/015696.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/06/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/60546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1874-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=974109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.