What is CVE-2015-0245?

CVE-2015-0245 is a vulnerability in Freedesktop Dbus, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). Published 2015-02-13.

Is CVE-2015-0245 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Freedesktop Dbus

CVE-2015-0245

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by l…

Vulnerability class: Race Condition

EPSS: 0.001 (25.9th percentile) — read the EPSS interpretation.

Affected products

Freedesktop Dbus — versions 1.4.0, 1.4.1, 1.4.4
Opensuse — versions 13.1, 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2015:0300 (vendor-advisory, x_refsource_SUSE)
DSA-3161 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20150209 CVE-2015-0245: denial of service in dbus >= 1.4 systemd activation (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2015:176 (vendor-advisory, x_refsource_MANDRIVA)

Frequently asked questions

What is CVE-2015-0245?: CVE-2015-0245 is a vulnerability in Freedesktop Dbus, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). Published 2015-02-13.
Is CVE-2015-0245 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.