CVE-2022-42010

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

References

Affected packages

Git / gitlab.freedesktop.org/dbus/dbus

Affected ranges

Type

GIT

Repo

https://gitlab.freedesktop.org/dbus/dbus

Events

Introduced

Fixed

5ff925648e88ba29cef7d708bc2bbc5d6de5fc48

Introduced

ee84f84a3fde6bc3d3c5e1c11adeab8f1af6db44

Fixed

8501a73dfe923ad273229b7c45925d4abe4cca7e

Introduced

2770215f6cc31cf4723c71cfc67d2a505225d659

Fixed

ed866a94889e13c83dc873d8b5f86a907f908456

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.12.24"
        },
        {
            "introduced": "1.13.0"
        },
        {
            "fixed": "1.14.4"
        },
        {
            "introduced": "1.15.0"
        },
        {
            "fixed": "1.15.2"
        }
    ]
}

Affected versions

dbus-1.*

dbus-1.13.0

dbus-1.13.10

dbus-1.13.12

dbus-1.13.14

dbus-1.13.16

dbus-1.13.18

dbus-1.13.2

dbus-1.13.20

dbus-1.13.22

dbus-1.13.4

dbus-1.13.6

dbus-1.13.8

dbus-1.14.0

dbus-1.14.2

dbus-1.15.0

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42010.json"