Vulnerability Details : CVE-2014-3532
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-3532
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3532
- 0.13%: probability of exploitation activity in the next 30 days
- ~50%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3532
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2014-3532
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3532
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:176
  mandriva.com (Third Party Advisory)
- https://bugs.freedesktop.org/show_bug.cgi?id=80163
  80163 – CVE-2014-3532: kick any connection off the bus with fdpassing: denial of service (Issue Tracking; Patch; Third Party Advisory)
- http://secunia.com/advisories/59798
  (Third Party Advisory)
- http://openwall.com/lists/oss-security/2014/07/02/4
  oss-security - CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon (Mailing List; Third Party Advisory)
- http://secunia.com/advisories/60236
  (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html
  openSUSE-SU-2014:1239-1: moderate: dbus-1: update to 1.6.24 (Mailing List; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
  Oracle Solaris Bulletin - January 2016 (Third Party Advisory)
- http://secunia.com/advisories/59611
  (Third Party Advisory)
- http://advisories.mageia.org/MGASA-2014-0294.html
  Mageia Advisory: MGASA-2014-0294 - Updated dbus packages fix multiple vulnerabilities (Third Party Advisory)
- http://www.debian.org/security/2014/dsa-2971
  Debian -- Security Information -- DSA-2971-1 dbus (Third Party Advisory)