{"id":"CVE-2022-42012","details":"An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.","modified":"2026-04-02T08:19:41.842331Z","published":"2022-10-10T00:15:09.627Z","related":["ALSA-2023:0096","ALSA-2023:0335","CGA-2fgg-vm34-8fv5","MGASA-2022-0365","SUSE-SU-2022:3804-1","SUSE-SU-2022:3805-1","SUSE-SU-2022:3806-1","SUSE-SU-2022:4295-1","openSUSE-SU-2024:12448-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-08"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2022/10/06/1"},{"type":"FIX","url":"https://gitlab.freedesktop.org/dbus/dbus/-/issues/417"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/dbus/dbus","events":[{"introduced":"0"},{"fixed":"5ff925648e88ba29cef7d708bc2bbc5d6de5fc48"},{"introduced":"ee84f84a3fde6bc3d3c5e1c11adeab8f1af6db44"},{"fixed":"8501a73dfe923ad273229b7c45925d4abe4cca7e"},{"introduced":"2770215f6cc31cf4723c71cfc67d2a505225d659"},{"fixed":"ed866a94889e13c83dc873d8b5f86a907f908456"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.12.24"},{"introduced":"1.13.0"},{"fixed":"1.14.4"},{"introduced":"1.15.0"},{"fixed":"1.15.2"}]}}],"versions":["DBUS_1_0_3","dbus-0.1","dbus-0.10","dbus-0.11","dbus-0.12","dbus-0.13","dbus-0.2","dbus-0.20","dbus-0.21","dbus-0.22","dbus-0.23","dbus-0.23.1","dbus-0.23.2","dbus-0.23.3","dbus-0.23.4","dbus-0.3","dbus-0.31.0","dbus-0.32.0","dbus-0.33.0","dbus-0.34.0","dbus-0.35","dbus-0.35.1","dbus-0.35.2","dbus-0.36","dbus-0.36.1","dbus-0.36.2","dbus-0.4","dbus-0.5","dbus-0.50","dbus-0.6","dbus-0.60","dbus-0.61","dbus-0.62","dbus-0.7","dbus-0.8","dbus-0.9","dbus-0.90","dbus-0.91","dbus-0.92","dbus-0.93","dbus-0.94","dbus-0.95","dbus-1.0.0","dbus-1.0.1","dbus-1.0.2","dbus-1.1.0","dbus-1.1.1","dbus-1.1.2","dbus-1.1.20","dbus-1.1.3","dbus-1.1.4","dbus-1.10.0","dbus-1.10.10","dbus-1.10.12","dbus-1.10.14","dbus-1.10.16","dbus-1.10.18","dbus-1.10.2","dbus-1.10.20","dbus-1.10.22","dbus-1.10.24","dbus-1.10.26","dbus-1.10.28","dbus-1.10.30","dbus-1.10.32","dbus-1.10.4","dbus-1.10.6","dbus-1.10.8","dbus-1.11.0","dbus-1.11.10","dbus-1.11.12","dbus-1.11.14","dbus-1.11.16","dbus-1.11.18","dbus-1.11.2","dbus-1.11.20","dbus-1.11.22","dbus-1.11.4","dbus-1.11.6","dbus-1.11.8","dbus-1.12.0","dbus-1.12.10","dbus-1.12.12","dbus-1.12.14","dbus-1.12.16","dbus-1.12.18","dbus-1.12.2","dbus-1.12.20","dbus-1.12.22","dbus-1.12.4","dbus-1.12.6","dbus-1.12.8","dbus-1.13.0","dbus-1.13.10","dbus-1.13.12","dbus-1.13.14","dbus-1.13.16","dbus-1.13.18","dbus-1.13.2","dbus-1.13.20","dbus-1.13.22","dbus-1.13.4","dbus-1.13.6","dbus-1.13.8","dbus-1.14.0","dbus-1.14.2","dbus-1.15.0","dbus-1.2.1","dbus-1.2.10","dbus-1.2.12","dbus-1.2.14","dbus-1.2.16","dbus-1.2.18","dbus-1.2.20","dbus-1.2.22","dbus-1.2.24","dbus-1.2.26","dbus-1.2.28","dbus-1.2.3","dbus-1.2.30","dbus-1.2.4","dbus-1.2.4.2permissive","dbus-1.2.4.4permissive","dbus-1.2.4.6permissive","dbus-1.2.6","dbus-1.2.8","dbus-1.3.0","dbus-1.3.1","dbus-1.4.0","dbus-1.4.1","dbus-1.4.10","dbus-1.4.12","dbus-1.4.14","dbus-1.4.16","dbus-1.4.18","dbus-1.4.20","dbus-1.4.22","dbus-1.4.24","dbus-1.4.26","dbus-1.4.4","dbus-1.4.6","dbus-1.4.8","dbus-1.5.0","dbus-1.5.10","dbus-1.5.12","dbus-1.5.2","dbus-1.5.4","dbus-1.5.6","dbus-1.5.8","dbus-1.6.0","dbus-1.6.10","dbus-1.6.12","dbus-1.6.14","dbus-1.6.16","dbus-1.6.18","dbus-1.6.2","dbus-1.6.20","dbus-1.6.22","dbus-1.6.24","dbus-1.6.26","dbus-1.6.28","dbus-1.6.30","dbus-1.6.4","dbus-1.6.6","dbus-1.6.8","dbus-1.7.0","dbus-1.7.10","dbus-1.7.2","dbus-1.7.4","dbus-1.7.6","dbus-1.7.8","dbus-1.8.0","dbus-1.8.10","dbus-1.8.12","dbus-1.8.14","dbus-1.8.16","dbus-1.8.18","dbus-1.8.2","dbus-1.8.20","dbus-1.8.22","dbus-1.8.4","dbus-1.8.6","dbus-1.8.8","dbus-1.9.0","dbus-1.9.10","dbus-1.9.12","dbus-1.9.14","dbus-1.9.16","dbus-1.9.18","dbus-1.9.2","dbus-1.9.20","dbus-1.9.4","dbus-1.9.6","dbus-1.9.8","dbus-before-object-names-merge","dbus-object-names-branchpoint"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42012.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}