Input validation error in D-Bus and Opensuse - CVE-2013-2168

 

Input validation error in D-Bus and Opensuse - CVE-2013-2168

Published: July 3, 2013 / Updated: August 11, 2020


Vulnerability identifier: #VU42757
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-2168
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Freedesktop.org
SUSE
Affected software:
D-Bus
Opensuse

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.


How to mitigate CVE-2013-2168

Install update from vendor's website.

Sources