CVE-2022-31212

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions dbus-broker versions prior to 31

Description An issue was discovered in dbus-broker where it depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.

Recommendations For versions prior to 31, update to version 31 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Exec line in the DBus service configuration to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2022:6608

CVE-2022-31212

OESA-2022-2116

OPENSUSE-SU-2022:10030-1

RHSA-2022:6608

RHSA-2022_6608

RLSA-2022:6608

Affected Products

Almalinux

Red Hat

Rocky Linux

C-Uitl/C-Shquote

Dbus-Broker

CVE-2022-31212

Weakness Enumeration

Related Identifiers

Affected Products

References · 34