CVE-2022-31212

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31212
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31212.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31212
Downstream
Related
Published
2022-07-17T23:15:08.977Z
Modified
2025-11-20T12:05:42.762141Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.

References

Affected packages

Git / github.com/bus1/dbus-broker

Affected ranges

Type
GIT
Repo
https://github.com/bus1/dbus-broker
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4944daf06275aaccd2fcdbfea994c3cb7cec65d2

Affected versions

Other

v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v1rc1
v1rc2
v1rc3
v1rc4
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v29
v3
v30
v4
v5
v6
v7
v8
v9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31212.json"