Launchpad CVE tracker

CVE 2022-42012

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Related bugs and status

CVE-2022-42012 (Candidate) is related to these bugs:

Bug #1999258: Please merge dbus 1.14.4-1 from Debian unstable.

Summary				In	Importance	Status
	1999258	Please merge dbus 1.14.4-1 from Debian unstable.		dbus (Ubuntu)	Undecided	Fix Released

Bug #2021465: [Debian] Medium CVE: CVE-2022-42010/CVE-2022-42011/CVE-2022-42012: dbus: multiple CVEs

Summary				In	Importance	Status
	2021465	[Debian] Medium CVE: CVE-2022-42010/CVE-2022-42011/CVE-2022-42012: dbus: multiple CVEs		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.openwall.c...
MISC: https://gitlab.freedes...
FEDORA: FEDORA-2022-076544c8aa
FEDORA: FEDORA-2022-7a963a79d1
FEDORA: FEDORA-2022-b0c2f2ab74
GENTOO: GLSA-202305-08

Launchpad.net

CVE 2022-42012

Related bugs and status

Related bugs

References