CVE-2014-3635 — MEDIUM (4.4)

Q: How severe is CVE-2014-3635?

CVE-2014-3635 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3635?

Check the references section above for vendor advisories and patch information. Affected products include: D-Bus Project D-Bus, Freedesktop Dbus, Opensuse Opensuse.

Vulnerability Description

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.

CVSS Score

4.4

MEDIUM

AV:L/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
D-Bus Project	D-Bus	<= 1.6.22
Freedesktop	Dbus	1.6.0
Opensuse	Opensuse	12.3

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2014-3635?

CVE-2014-3635 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to ca...

How severe is CVE-2014-3635?

CVE-2014-3635 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3635?

Check the references section above for vendor advisories and patch information. Affected products include: D-Bus Project D-Bus, Freedesktop Dbus, Opensuse Opensuse.