PT-2014-9098 · Freedesktop.Org+3 · D-Bus+3

Alban Crequy · Published 1970-01-01 · Updated 2024-06-15 · CVE-2014-3638

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

D-Bus versions prior to 1.6.24
D-Bus versions 1.8.x prior to 1.8.8
dbus-1 versions (affected versions not specified)
dbus-1-32bit versions (affected versions not specified)
dbus-1-x11 versions (affected versions not specified)
dbus-1-devel-doc versions (affected versions not specified)
dbus-1-devel versions (affected versions not specified)

Description

The issue allows local users to cause a denial of service (CPU consumption) via a large number of method calls, potentially leading to disruption of protected information. It can be exploited locally. The bus_connections_check_reply function in config-parser.c is specifically vulnerable.

Recommendations

For D-Bus versions prior to 1.6.24, update to version 1.6.24 or later.
For D-Bus versions 1.8.x prior to 1.8.8, update to version 1.8.8 or later.
For dbus-1, dbus-1-32bit, dbus-1-x11, dbus-1-devel-doc, and dbus-1-devel, there is currently no information about a newer version that contains a fix for this vulnerability.

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2148
BDU:2015-04278
BDU:2015-04279
BDU:2015-04280
BDU:2015-04281
BDU:2015-04282
BDU:2015-09788
CVE-2014-3638
DLA-87-1
DSA-3026-1
MGASA-2014-0395
OPENSUSE-SU-2024:10517-1
SUSE-SU-2014_1146-1
USN-2352-1

Affected Products

Alt Linux
D-Bus
Suse
Ubuntu