AZL-27178

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27178.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-27178

Upstream

CVE-2023-34969

Published

2023-06-08T03:15:08Z

Modified

2026-04-01T05:09:00.622552Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-34969 affecting package dbus for versions less than 1.15.6-1

Details

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-34969

Affected packages

Azure Linux:2 / dbus

Package

Name: dbus
Purl: pkg:rpm/azure-linux/dbus

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.15.6-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-27178.json"