Vulnerability Details : CVE-2013-2168
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2013-2168
- cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2168
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 8 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2168
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:N/A:P | 3.4 | 2.9 | NIST | |
CWE ids for CVE-2013-2168
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2168
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:177
  mandriva.com
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00003.html
  openSUSE-SU-2013:1118-1: moderate: update for dbus-1
- http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
  dbus/dbus - a lightweight ipc mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus)
- http://secunia.com/advisories/53317
  Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/06/13/2
  oss-security - CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound
- http://www.securityfocus.com/bid/60546
  D-Bus '_dbus_printf_string_upper_bound()' Function Denial of Service Vulnerability
- http://www.securitytracker.com/id/1028667
  D-Bus _dbus_printf_string_upper_bound() Error Lets Local Users Deny Service - SecurityTracker
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
  openSUSE-SU-2014:1239-1: moderate: dbus-1: update to 1.6.24
- http://www.ubuntu.com/usn/USN-1874-1
  USN-1874-1: DBus vulnerability | Ubuntu security notices
- http://www.debian.org/security/2013/dsa-2707
  Debian -- Security Information -- DSA-2707-1 dbus
- http://lists.freedesktop.org/archives/dbus/2013-June/015696.html
  CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109896.html
  [SECURITY] Fedora 18 Update: dbus-1.6.12-1.fc18
- https://bugzilla.redhat.com/show_bug.cgi?id=974109
  974109 – (CVE-2013-2168) CVE-2013-2168 dbus: Crash of system services that use libdbus (DoS) due to non-portable use of va_list in UNIX format string wrapper
- http://secunia.com/advisories/53832
  Vendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/110114.html
  [SECURITY] Fedora 19 Update: dbus-1.6.12-1.fc19
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16881
  Repository / Oval Repository