Vulnerability Details: CVE-2010-4352
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4352
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 %
CVSS scores for CVE-2010-4352
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST |
CWE ids for CVE-2010-4352
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4352
- https://bugzilla.redhat.com/show_bug.cgi?id=663673
  663673 – (CVE-2010-4352) CVE-2010-4352 D-BUS: Stack overflow by validating message with excessive number of nested variants (Exploit; Patch)
- http://cgit.freedesktop.org/dbus/dbus/commit/?id=7d65a3a6ed8815e34a99c680ac3869fde49dbbd4
  dbus/dbus - a lightweight ipc mechanism (mirrored from https://gitlab.freedesktop.org/dbus/dbus) (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html
  [SECURITY] Fedora 14 Update: dbus-1.4.0-2.fc14 (Exploit; Patch)
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
  openSUSE-SU-2012:1418-1: moderate: update for dbus-1, dbus-1-x11
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
- http://openwall.com/lists/oss-security/2010/12/16/6
  oss-security - Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants (Exploit; Patch)
- http://www.vupen.com/english/advisories/2011/0464
  Webmail | OVH- OVH
- http://www.remlab.net/op/dbus-variant-recursion.shtml
  Remlab: D-Bus variant recursion vulnerability (Vendor Advisory)
- https://bugs.freedesktop.org/show_bug.cgi?id=32321
  32321 – Lots of nested variants crash the bus (Exploit; Patch)
- http://openwall.com/lists/oss-security/2010/12/16/3
  oss-security - CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants (Exploit; Patch)
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:004
- http://www.vupen.com/english/advisories/2010/3325
  Webmail | OVH- OVH (Vendor Advisory)
- http://openwall.com/lists/oss-security/2010/12/21/3
  oss-security - Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants
- http://www.securityfocus.com/bid/45377
  D-Bus Nested Variants Denial of Service Vulnerability
- http://www.vupen.com/english/advisories/2011/0178
  Webmail | OVH- OVH
- http://www.ubuntu.com/usn/USN-1044-1
  USN-1044-1: D-Bus vulnerability | Ubuntu security notices
- http://www.debian.org/security/2011/dsa-2149
  Debian -- Security Information -- DSA-2149-1 dbus
- http://www.vupen.com/english/advisories/2011/0161
  Webmail | OVH- OVH
Products affected by CVE-2010-4352
- cpe:2.3:a:d-bus_project:d-bus:*:*:*:*:*:*:*:*