Improper input validation in D-bus_project D-bus

CVE-2011-2200

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial o…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (26.9th percentile) — read the EPSS interpretation.

Affected products

D-bus_project D-bus — versions 1.2.4.2, 1.2.4.4, 1.2.4.6
Freedesktop Dbus — versions 1.5.0, 1.5.2, 1.4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[oss-security] 20110613 Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order (mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM)
[dbus] 20110530 D-Bus daemon big and little endian issue (mailing-list, x_refsource_MLIST)
RHSA-2011:1132 (x_refsource_REDHAT, vendor-advisory)
dbus-nonnative-dos(67974) (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
44896 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)