G. Hechenberger

**Name of the Vulnerable Software and Affected Versions** dbus-broker versions prior to 31 **Description** An issue was discovered in dbus-broker where it depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied. **Recommendations** For versions prior to 31, update to version 31 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Exec line in the DBus service configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dbus-broker versions prior to 31 **Description** An issue was discovered in dbus-broker where multiple NULL pointer dereferences can occur when a malformed XML config file is supplied. **Recommendations** For versions prior to 31, update to version 31 or later to resolve the issue.