942 matches found
dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly
A vulnerability was found in D-Bus. This flaw allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...
AlmaLinux 9 : libtirpc (ALSA-2022:8400)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:8400 advisory. - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. Thi...
libtirpc: DoS vulnerability with lots of connections
A denial of service (DoS) vulnerability was found in libtirpc. This flaw allows a remote attacker to exhaust the file descriptors of a process that uses libtirpc due to mishandling idle TCP connections. This issue leads to a svc_run infinite loop without accepting new connections...
OESA-2022-2070 kernel security update
Security Fixes: The vulnerability is a use-after-free that happens when an io_uring request is being processed on a registered file and the Unix GC runs and frees the io_uring fd and all the registered fds. The order at which the Unix GC processes the inflight fds may lead to registered fds be free...
OESA-2022-2051 dbus security update
Security Fixes: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. (CVE-2022-42010) An...
Huawei EulerOS: Security Advisory for libtirpc (EulerOS-SA-2022-2658)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : libtirpc (EulerOS-SA-2022-2658)
According to the versions of the libtirpc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections a...
Libtirpc: Denial of Service
Background: Libtirpc is a port of Sun's Transport-Independent RPC library to Linux. Description: Currently svc_run does not handle poll timeout and rendezvous_request does not handle EMFILE error returned from accept(2) as it used to. These two missing functionality were removed by commit b2c9430f46c4...
SUSE SLES12 Security Update : libtirpc (SUSE-SU-2022:3791-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3791-1 advisory. - In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP...
OESA-2022-2000 dbus security update
Security Fixes: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. (CVE-2022-42010) An...
A use-after-free vulnerability in the D-Bus inter-process communication system allows a malicious actor to trigger a service failure.
The vulnerability in the D-Bus inter-process communication mechanism is a use-after-free error caused by messages with a non-native byte order and attached Unix file descriptors. Exploiting this vulnerability can allow an attacker to cause service failures...
ROS-20221013-01
A vulnerability in the D-Bus interprocess communication system is related to the reachability of an assertion in debug builds caused by a syntactically invalid type signature with improperly nested brackets and curly braces. Exploitation of the vulnerability could allow an attacker to execute a...
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
CVE-2022-33749
XAPI open file limit DoS: It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other trusted clients, and blocks XAPI from carrying out any tasks that require the opening of file...
PT-2022-21860 · Xapi · Xapi
Name of the Vulnerable Software and Affected Versions: XAPI (affected versions not specified). Description: The issue allows an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This results in XAPI being unable to accept new requests from other trusted clients an...
AZL-11093 CVE-2022-42012 affecting package dbus for versions less than 1.15.2-2
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...
ALPINE-CVE-2022-42012
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...