Amazon ALAS-2023-1730

Apr 13, 2023 - 7:01 p.m.

Medium: dbus

alas.aws.amazon.com

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.1
Confidence: High

EPSS: 0.002
Percentile: 56.6%

Issue Overview:

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. (CVE-2022-42010)

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. (CVE-2022-42011)

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. (CVE-2022-42012)

Affected Packages:

dbus

Issue Correction:
Run yum update dbus to update your system.

New Packages:

i686:  
    dbus-1.6.12-14.31.amzn1.i686  
    dbus-devel-1.6.12-14.31.amzn1.i686  
    dbus-libs-1.6.12-14.31.amzn1.i686  
    dbus-debuginfo-1.6.12-14.31.amzn1.i686  
  
noarch:  
    dbus-doc-1.6.12-14.31.amzn1.noarch  
  
src:  
    dbus-1.6.12-14.31.amzn1.src  
  
x86_64:  
    dbus-1.6.12-14.31.amzn1.x86_64  
    dbus-libs-1.6.12-14.31.amzn1.x86_64  
    dbus-devel-1.6.12-14.31.amzn1.x86_64  
    dbus-debuginfo-1.6.12-14.31.amzn1.x86_64  

Additional References

Red Hat: CVE-2022-42010, CVE-2022-42011, CVE-2022-42012

Mitre: CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
