The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
2011-06-22T22:55:04.107
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.6 (MEDIUM)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | freedesktop | dbus | 1.5.0 | Yes |
| Application | freedesktop | dbus | 1.5.2 | Yes |
| Application | freedesktop | dbus | 1.4.0 | Yes |
| Application | freedesktop | dbus | 1.4.1 | Yes |
| Application | freedesktop | dbus | 1.4.4 | Yes |
| Application | freedesktop | dbus | 1.4.6 | Yes |
| Application | freedesktop | dbus | 1.4.8 | Yes |
| Application | freedesktop | dbus | 1.4.10 | Yes |
| Application | d-bus_project | d-bus | 1.2.4.2 | Yes |
| Application | d-bus_project | d-bus | 1.2.4.4 | Yes |
| Application | d-bus_project | d-bus | 1.2.4.6 | Yes |
| Application | freedesktop | dbus | 1.2.1 | Yes |
| Application | freedesktop | dbus | 1.2.2 | Yes |
| Application | freedesktop | dbus | 1.2.3 | Yes |
| Application | freedesktop | dbus | 1.2.4 | Yes |
| Application | freedesktop | dbus | 1.2.6 | Yes |
| Application | freedesktop | dbus | 1.2.8 | Yes |
| Application | freedesktop | dbus | 1.2.10 | Yes |
| Application | freedesktop | dbus | 1.2.12 | Yes |
| Application | freedesktop | dbus | 1.2.14 | Yes |
| Application | freedesktop | dbus | 1.2.16 | Yes |
| Application | freedesktop | dbus | 1.2.18 | Yes |
| Application | freedesktop | dbus | 1.2.20 | Yes |
| Application | freedesktop | dbus | 1.2.22 | Yes |
| Application | freedesktop | dbus | 1.2.24 | Yes |
| Application | freedesktop | dbus | 1.2.26 | Yes |