CVE-2022-31212

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31212
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31212.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31212
Related
Published
2022-07-17T23:15:08Z
Modified
2024-09-18T03:20:31.619793Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.

References

Affected packages

Debian:11 / dbus-broker

Package

Name
dbus-broker
Purl
pkg:deb/debian/dbus-broker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
26-1+deb11u1

Affected versions

Other

26-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dbus-broker

Package

Name
dbus-broker
Purl
pkg:deb/debian/dbus-broker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dbus-broker

Package

Name
dbus-broker
Purl
pkg:deb/debian/dbus-broker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bus1/dbus-broker

Affected ranges

Type
GIT
Repo
https://github.com/bus1/dbus-broker
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v1rc1
v1rc2
v1rc3
v1rc4
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v29
v3
v30
v4
v5
v6
v7
v8
v9