Denial of Service in D-Bus Library Affects Multiple Distributions
CVE-2008-3834

Currently unrated

Key Information:

Vendor: Freedesktop
Status: Dbus; Dbus1.0; Dbus1.1.0
Vendor: CVE Published:; 7 October 2008

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2008-3834?

A flaw exists in the dbus_signature_validate function of the D-bus library (libdbus) prior to version 1.2.4. This vulnerability allows remote attackers to exploit the system by sending a message with a malformed signature, resulting in an application crash due to a failed assertion error. This can disrupt services relying on the D-bus for inter-process communication, highlighting the importance of keeping the library updated to mitigate potential denial of service scenarios.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.debian.org/security/2008/dsa-1658

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/bid/31602

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2008
Vulnerability Reserved
Aug 27, 2008