Search for packages
Package details: pkg:deb/debian/dbus@1.12.20-0%2Bdeb10u1
purl pkg:deb/debian/dbus@1.12.20-0%2Bdeb10u1
Next non-vulnerable version 1.12.28-0+deb11u1
Latest non-vulnerable version 1.12.28-0+deb11u1
Risk 3.5
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-1jvm-vs3z-aaan
Aliases:
CVE-2023-34969
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
1.12.28-0+deb11u1
Affected by 0 other vulnerabilities.
VCID-94n8-qj1g-aaam
Aliases:
CVE-2022-42011
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
1.12.24-0+deb11u1
Affected by 1 other vulnerability.
1.12.28-0+deb11u1
Affected by 0 other vulnerabilities.
VCID-9b7n-9mwh-aaap
Aliases:
CVE-2022-42012
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
1.12.24-0+deb11u1
Affected by 1 other vulnerability.
1.12.28-0+deb11u1
Affected by 0 other vulnerabilities.
VCID-qwyr-xm7c-aaah
Aliases:
CVE-2022-42010
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
1.12.24-0+deb11u1
Affected by 1 other vulnerability.
1.12.28-0+deb11u1
Affected by 0 other vulnerabilities.
VCID-vqkm-aqvg-aaaj
Aliases:
CVE-2020-35512
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
1.12.28-0+deb11u1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-36vh-mccp-aaag An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. CVE-2020-12049
VCID-3jg4-8sst-aaak dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. CVE-2019-12749
VCID-vqkm-aqvg-aaaj A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors CVE-2020-35512

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T21:08:33.651529+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 36.1.3
2025-06-21T19:04:52.253674+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:59:20.563840+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:47:17.044491+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:47:05.159363+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:57:36.734974+00:00 Debian Oval Importer Fixing VCID-vqkm-aqvg-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:28:37.677729+00:00 Debian Oval Importer Fixing VCID-3jg4-8sst-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:13:00.236939+00:00 Debian Oval Importer Fixing VCID-36vh-mccp-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:57:34.605597+00:00 Debian Importer Affected by VCID-1jvm-vs3z-aaan None 36.1.3
2025-06-21T11:40:40.217711+00:00 Debian Oval Importer Affected by VCID-1jvm-vs3z-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T06:31:45.265786+00:00 Debian Oval Importer Affected by VCID-vqkm-aqvg-aaaj None 36.1.3
2025-06-21T00:27:22.891559+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah None 36.1.3
2025-06-21T00:22:11.328964+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap None 36.1.3
2025-06-20T23:18:59.202027+00:00 Debian Oval Importer Fixing VCID-36vh-mccp-aaag None 36.1.3
2025-06-20T23:12:31.545836+00:00 Debian Oval Importer Fixing VCID-vqkm-aqvg-aaaj None 36.1.3
2025-06-20T22:17:46.893994+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam None 36.1.3
2025-06-20T21:47:05.008781+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 36.1.3
2025-06-20T20:48:23.481116+00:00 Debian Oval Importer Fixing VCID-3jg4-8sst-aaak None 36.1.3
2025-06-20T20:35:35.101159+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 36.1.3
2025-06-08T12:29:05.124729+00:00 Debian Oval Importer Affected by VCID-1jvm-vs3z-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:15:43.008658+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:09:34.965064+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:34:02.455437+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:31:02.704464+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T10:20:17.483154+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:32:19.612620+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:50:56.015212+00:00 Debian Oval Importer Fixing VCID-vqkm-aqvg-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:21:42.615260+00:00 Debian Oval Importer Fixing VCID-3jg4-8sst-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:06:21.172210+00:00 Debian Oval Importer Fixing VCID-36vh-mccp-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:57:22.958137+00:00 Debian Oval Importer Affected by VCID-1jvm-vs3z-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T00:10:53.985661+00:00 Debian Oval Importer Affected by VCID-vqkm-aqvg-aaaj None 36.1.0
2025-06-07T17:50:05.830563+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah None 36.1.0
2025-06-07T17:45:01.299248+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap None 36.1.0
2025-06-07T16:41:58.660995+00:00 Debian Oval Importer Fixing VCID-36vh-mccp-aaag None 36.1.0
2025-06-07T16:35:38.220715+00:00 Debian Oval Importer Fixing VCID-vqkm-aqvg-aaaj None 36.1.0
2025-06-07T15:41:50.618643+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam None 36.1.0
2025-06-07T14:19:51.197927+00:00 Debian Oval Importer Fixing VCID-3jg4-8sst-aaak None 36.1.0
2025-06-05T14:23:12.078981+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 36.1.0
2025-04-12T20:59:05.249956+00:00 Debian Oval Importer Fixing VCID-3jg4-8sst-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:44:45.430087+00:00 Debian Oval Importer Affected by VCID-vqkm-aqvg-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:41:20.732741+00:00 Debian Oval Importer Fixing VCID-36vh-mccp-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:15:24.126523+00:00 Debian Oval Importer Affected by VCID-1jvm-vs3z-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:01:28.254066+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:55:10.828980+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:18:28.920199+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:12:20.937851+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-12T16:01:16.524919+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:04:43.453514+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:23:22.531194+00:00 Debian Oval Importer Fixing VCID-vqkm-aqvg-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:54:17.509975+00:00 Debian Oval Importer Fixing VCID-3jg4-8sst-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:38:59.358608+00:00 Debian Oval Importer Fixing VCID-36vh-mccp-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:28:26.094408+00:00 Debian Oval Importer Affected by VCID-1jvm-vs3z-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T22:43:17.654747+00:00 Debian Oval Importer Affected by VCID-vqkm-aqvg-aaaj None 36.0.0
2025-04-07T16:26:41.669694+00:00 Debian Oval Importer Affected by VCID-qwyr-xm7c-aaah None 36.0.0
2025-04-07T16:21:13.621848+00:00 Debian Oval Importer Affected by VCID-9b7n-9mwh-aaap None 36.0.0
2025-04-07T15:14:24.276514+00:00 Debian Oval Importer Fixing VCID-36vh-mccp-aaag None 36.0.0
2025-04-07T15:07:48.287606+00:00 Debian Oval Importer Fixing VCID-vqkm-aqvg-aaaj None 36.0.0
2025-04-07T14:12:41.558210+00:00 Debian Oval Importer Affected by VCID-94n8-qj1g-aaam None 36.0.0
2025-04-07T12:52:37.171658+00:00 Debian Oval Importer Fixing VCID-3jg4-8sst-aaak None 36.0.0
2025-04-05T17:09:29.551564+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 36.0.0
2025-04-05T10:30:33.404704+00:00 Debian Importer Affected by VCID-1jvm-vs3z-aaan None 36.0.0
2025-04-04T00:24:37.838741+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 36.0.0
2025-04-03T23:22:07.872968+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 36.0.0
2025-02-21T12:02:28.680431+00:00 Debian Importer Affected by VCID-1jvm-vs3z-aaan None 35.1.0
2025-02-21T03:31:16.247772+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 35.1.0
2025-02-21T03:31:12.430654+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 35.1.0
2025-02-21T03:31:08.881938+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 35.1.0
2024-11-23T18:04:38.117960+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 35.0.0
2024-11-23T18:04:35.167630+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 35.0.0
2024-11-23T18:04:32.331207+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 35.0.0
2024-10-10T15:32:58.531953+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 34.0.2
2024-10-10T15:32:55.576554+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 34.0.2
2024-10-10T15:32:52.788882+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 34.0.2
2024-09-19T21:52:43.786171+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 34.0.1
2024-09-19T21:52:40.972737+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 34.0.1
2024-09-19T21:52:38.215558+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 34.0.1
2024-04-26T03:39:23.286524+00:00 Debian Importer Affected by VCID-1jvm-vs3z-aaan None 34.0.0rc4
2024-04-25T20:45:46.171881+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 34.0.0rc4
2024-04-25T20:45:40.598859+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 34.0.0rc4
2024-04-25T20:45:23.930748+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 34.0.0rc4
2024-01-12T13:26:10.048990+00:00 Debian Importer Affected by VCID-1jvm-vs3z-aaan None 34.0.0rc2
2024-01-12T05:44:22.275357+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 34.0.0rc2
2024-01-12T05:44:00.314118+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 34.0.0rc2
2024-01-12T05:43:22.493602+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 34.0.0rc2
2024-01-05T09:03:54.806163+00:00 Debian Importer Affected by VCID-1jvm-vs3z-aaan None 34.0.0rc1
2024-01-05T05:16:55.468299+00:00 Debian Importer Affected by VCID-9b7n-9mwh-aaap None 34.0.0rc1
2024-01-05T05:16:52.077939+00:00 Debian Importer Affected by VCID-94n8-qj1g-aaam None 34.0.0rc1
2024-01-05T05:16:48.700749+00:00 Debian Importer Affected by VCID-qwyr-xm7c-aaah None 34.0.0rc1