CVE-2023-34969

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-34969
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34969.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-34969
Downstream
Related
Published
2023-06-08T03:15:08.970Z
Modified
2026-04-11T12:45:20.257329Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "38"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / gitlab.freedesktop.org/dbus/dbus

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/dbus/dbus
Events
Introduced
98294ab81a4d7ef00b6de5149344d92278c38593
Fixed
7e3b7e12e5cb175722553ae950d46c39599f2a8a
Introduced
6fd1509ba3677ac434176882fbf1ca5d7603651e
Fixed
f90d4f16933ee5153fe02c405eb883c9cb8f0ad5
Introduced
2770215f6cc31cf4723c71cfc67d2a505225d659
Fixed
67ac3e6bc30bf545b7c2c21987a0242b65ddb3bf
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "1.12.28"
        },
        {
            "introduced": "1.14.0"
        },
        {
            "fixed": "1.14.8"
        },
        {
            "introduced": "1.15.0"
        },
        {
            "fixed": "1.15.6"
        }
    ],
    "cpe": "cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*"
}

Affected versions

dbus-1.*
dbus-1.12.0
dbus-1.12.10
dbus-1.12.12
dbus-1.12.14
dbus-1.12.16
dbus-1.12.18
dbus-1.12.2
dbus-1.12.20
dbus-1.12.22
dbus-1.12.24
dbus-1.12.26
dbus-1.12.4
dbus-1.12.6
dbus-1.12.8
dbus-1.14.0
dbus-1.14.2
dbus-1.14.4
dbus-1.14.6
dbus-1.15.0
dbus-1.15.2
dbus-1.15.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34969.json"