CVE-2022-31212

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31212

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31212.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31212

Downstream

DEBIAN-CVE-2022-31212

OESA-2022-2116

RHSA-2022:6608

UBUNTU-CVE-2022-31212

openSUSE-SU-2022:10030-1

Related

Published

2022-07-17T23:15:08Z

Modified

2025-10-21T07:05:54.245743Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.

References

Affected packages

Git / github.com/bus1/dbus-broker

Affected ranges

Type: GIT
Repo: https://github.com/bus1/dbus-broker
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4944daf06275aaccd2fcdbfea994c3cb7cec65d2

Affected versions

Other

v1

v10

v11

v12

v13

v14

v15

v16

v17

v18

v19

v1rc1

v1rc2

v1rc3

v1rc4

v2

v20

v21

v22

v23

v24

v25

v26

v27

v28

v29

v3

v30

v4

v5

v6

v7

v8

v9