Evgeny Vereshchagin

**Name of the Vulnerable Software and Affected Versions** D-Bus versions 1.12.24 and earlier, 1.13.x and earlier, 1.14.x before 1.14.4, and 1.15.x before 1.15.2 **Description** The issue is related to the D-Bus system's handling of type signatures, which can cause a crash when receiving a message with certain invalid signatures. An authenticated attacker can exploit this to cause dbus-daemon and other programs that use libdbus to crash. The problem is caused by a syntactically invalid type signature with incorrectly nested brackets and braces. **Recommendations** For D-Bus versions 1.12.24 and earlier, update to version 1.12.24 or later. For D-Bus versions 1.13.x, update to version 1.14.4 or later. For D-Bus versions 1.14.x before 1.14.4, update to version 1.14.4 or later. For D-Bus versions 1.15.x before 1.15.2, update to version 1.15.2 or later. As a temporary workaround, consider restricting access to the dbus-daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Bus versions 1.12.24 and earlier, 1.13.x, 1.14.x before 1.14.4, and 1.15.x before 1.15.2 **Description** An issue was discovered in D-Bus that allows an authenticated attacker to cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. The vulnerability is related to a use-after-free error caused by a message with out-of-band Unix file descriptors and a non-native byte order. This can lead to a denial-of-service. **Recommendations** For D-Bus versions 1.12.24 and earlier, update to version 1.12.24 or later. For D-Bus version 1.13.x, update to version 1.14.4 or later. For D-Bus version 1.14.x before 1.14.4, update to version 1.14.4 or later. For D-Bus version 1.15.x before 1.15.2, update to version 1.15.2 or later. As a temporary workaround, consider restricting access to the `dbus-daemon` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Bus versions 1.12.24 and earlier, 1.13.x, 1.14.x before 1.14.4, and 1.15.x before 1.15.2 **Description** An issue was discovered in D-Bus where an authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with an array length inconsistent with the size of the element type. This is related to a boundary error caused by an invalid array of fixed-length elements, where the array length is not a multiple of the element length. The exploitation of this issue can allow a remote attacker to cause a denial of service. **Recommendations** For D-Bus versions 1.12.24 and earlier, update to version 1.12.24 or later. For D-Bus version 1.13.x, update to version 1.14.4 or later. For D-Bus versions 1.14.x before 1.14.4, update to version 1.14.4 or later. For D-Bus versions 1.15.x before 1.15.2, update to version 1.15.2 or later.