Improper input validation in Freedesktop Dbus

CVE-2013-2168

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted mes…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (25.8th percentile) — read the EPSS interpretation.

Affected products

Freedesktop Dbus — versions 1.4.0, 1.4.1, 1.4.4
Opensuse — versions 12.3
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

DSA-2707 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2013-11142 (x_refsource_FEDORA, vendor-advisory)
openSUSE-SU-2014:1239 (vendor-advisory, x_refsource_SUSE)
MDVSA-2013:177 (vendor-advisory, x_refsource_MANDRIVA)
openSUSE-SU-2013:1118 (vendor-advisory, x_refsource_SUSE)
53317 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
FEDORA-2013-11198 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
oval:org.mitre.oval:def:16881 (x_refsource_OVAL, signature, vdb-entry)
1028667 (vdb-entry, x_refsource_SECTRACK)