What is CVE-2014-3533?

CVE-2014-3533 is a vulnerability in Freedesktop Dbus, classified under Improper Input Validation. Published 2014-07-19.

Is CVE-2014-3533 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Freedesktop Dbus

CVE-2014-3533

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (25.5th percentile) — read the EPSS interpretation.

Affected products

Freedesktop Dbus — versions 1.3.0, 1.3.1, 1.4.0
Mageia_project Mageia — versions 3, 4
Debian Debian_linux — versions 7.0
Opensuse — versions 12.3
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

59798 (x_refsource_SECUNIA, third-party-advisory)
59611 (x_refsource_SECUNIA, third-party-advisory)
openSUSE-SU-2014:1239 (vendor-advisory, x_refsource_SUSE)
60236 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
DSA-2971 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-3533?: CVE-2014-3533 is a vulnerability in Freedesktop Dbus, classified under Improper Input Validation. Published 2014-07-19.
Is CVE-2014-3533 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.