{"id":"USN-2352-1","summary":"dbus vulnerabilities","details":"Simon McVittie discovered that DBus incorrectly handled the file\ndescriptors message limit. A local attacker could use this issue to cause\nDBus to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-3635)\n\nAlban Crequy discovered that DBus incorrectly handled a large number of\nfile descriptor messages. A local attacker could use this issue to cause\nDBus to stop responding, resulting in a denial of service. This issue only\napplied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3636)\n\nAlban Crequy discovered that DBus incorrectly handled certain file\ndescriptor messages. A local attacker could use this issue to cause DBus\nto maintain persistent connections, possibly resulting in a denial of\nservice. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3637)\n\nAlban Crequy discovered that DBus incorrectly handled a large number of\nparallel connections and parallel message calls. A local attacker could use\nthis issue to cause DBus to consume resources, possibly resulting in a\ndenial of service. (CVE-2014-3638)\n\nAlban Crequy discovered that DBus incorrectly handled incomplete\nconnections. A local attacker could use this issue to cause DBus to fail\nlegitimate connection attempts, resulting in a denial of service.\n(CVE-2014-3639)\n","modified":"2026-04-22T09:02:07.576541Z","published":"2014-09-22T17:08:16Z","related":["UBUNTU-CVE-2014-3635","UBUNTU-CVE-2014-3636","UBUNTU-CVE-2014-3637","UBUNTU-CVE-2014-3638","UBUNTU-CVE-2014-3639"],"upstream":["CVE-2014-3635","CVE-2014-3636","CVE-2014-3637","CVE-2014-3638","CVE-2014-3639","UBUNTU-CVE-2014-3635","UBUNTU-CVE-2014-3636","UBUNTU-CVE-2014-3637","UBUNTU-CVE-2014-3638","UBUNTU-CVE-2014-3639"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2352-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3635"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3636"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3637"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3638"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3639"}],"affected":[{"package":{"name":"dbus","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/dbus@1.6.18-0ubuntu4.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.18-0ubuntu4.2"}]}],"versions":["1.6.12-0ubuntu10","1.6.18-0ubuntu1","1.6.18-0ubuntu2","1.6.18-0ubuntu3","1.6.18-0ubuntu4","1.6.18-0ubuntu4.1"],"ecosystem_specific":{"binaries":[{"binary_name":"dbus","binary_version":"1.6.18-0ubuntu4.2"},{"binary_name":"dbus-x11","binary_version":"1.6.18-0ubuntu4.2"},{"binary_name":"libdbus-1-3","binary_version":"1.6.18-0ubuntu4.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2352-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-3635"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-3636"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-3637"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-3638"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-3639"}]}}}],"schema_version":"1.7.5"}