[Debian] Medium CVE: CVE-2022-42010/CVE-2022-42011/CVE-2022-42012: dbus: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Li Zhou |
Bug Description
CVE-2022-42010: https:/
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
CVE-2022-42011: https:/
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
CVE-2022-42012: https:/
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Base Score: Medium
References:
https:/
https:/
https:/
https:/
['dbus_
CVE References
tags: | added: stx.9.0 stx.security |
Changed in starlingx: | |
assignee: | nobody → Li Zhou (lzhou2) |
Fixed by https:/ /review. opendev. org/c/starlingx /tools/ +/887352 which merged on July 12.