What is the severity of CVE-2013-2168?

CVE-2013-2168 is classified as a denial of service vulnerability that can be exploited remotely.

How do I fix CVE-2013-2168?

To fix CVE-2013-2168, update the D-BUS package to version 1.4.26, 1.6.12, or 1.7.4 or later.

Which software is affected by CVE-2013-2168?

D-BUS versions prior to 1.4.26, 1.6.12, and 1.7.4 are affected by CVE-2013-2168.

What can an attacker do with CVE-2013-2168?

An attacker can exploit CVE-2013-2168 to cause a denial of service, affecting application communication over D-BUS.

Is CVE-2013-2168 a local or remote vulnerability?

CVE-2013-2168 is a remote vulnerability that allows attackers to send malicious D-BUS messages.

Vulnerability/
CVE-2013-2168

low

1.9

CWE

13/6/2013

3/7/2013

6/8/2024

CVE-2013-2168: Input Validation

First published: Thu Jun 13 2013(Updated: )

A denial of service flaw was found in the way UNIX system D-BUS format string wrapper implementation of D-BUS, a system for sending messages between applications, used to measure the length of the provided format string and its arguments in certain circumstances. A remote attacker could supply a specially-crafted input to an application / service, utilizing the services / functionality of the libdbus library that, when processed would lead to that application / service crash. References: [1] <a href="http://www.openwall.com/lists/oss-security/2013/06/13/2">http://www.openwall.com/lists/oss-security/2013/06/13/2</a> Relevant upstream patch: [2] <a href="http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7">http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/dbus	<1.4.26	1.4.26
redhat/dbus	<1.6.12	1.6.12
redhat/dbus	<1.7.4	1.7.4
dbus	=1.4.0
dbus	=1.4.1
dbus	=1.4.4
dbus	=1.4.6
dbus	=1.4.8
dbus	=1.4.10
dbus	=1.4.12
dbus	=1.4.14
dbus	=1.4.16
dbus	=1.4.18
dbus	=1.4.20
dbus	=1.4.24
dbus	=1.7.0
dbus	=1.7.2
dbus	=1.6.0
dbus	=1.6.2
dbus	=1.6.4
dbus	=1.6.6
dbus	=1.6.8
dbus	=1.6.10
dbus	=1.6.16
SUSE Linux	=12.3
Freedesktop D-Bus	=1.4.0
Freedesktop D-Bus	=1.4.1
Freedesktop D-Bus	=1.4.4
Freedesktop D-Bus	=1.4.6
Freedesktop D-Bus	=1.4.8
Freedesktop D-Bus	=1.4.10
Freedesktop D-Bus	=1.4.12
Freedesktop D-Bus	=1.4.14
Freedesktop D-Bus	=1.4.16
Freedesktop D-Bus	=1.4.18
Freedesktop D-Bus	=1.4.20
Freedesktop D-Bus	=1.4.24
Freedesktop D-Bus	=1.7.0
Freedesktop D-Bus	=1.7.2
Freedesktop D-Bus	=1.6.0
Freedesktop D-Bus	=1.6.2
Freedesktop D-Bus	=1.6.4
Freedesktop D-Bus	=1.6.6
Freedesktop D-Bus	=1.6.8
Freedesktop D-Bus	=1.6.10
Freedesktop D-Bus	=1.6.16

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2168?
CVE-2013-2168 is classified as a denial of service vulnerability that can be exploited remotely.
How do I fix CVE-2013-2168?
To fix CVE-2013-2168, update the D-BUS package to version 1.4.26, 1.6.12, or 1.7.4 or later.
Which software is affected by CVE-2013-2168?
D-BUS versions prior to 1.4.26, 1.6.12, and 1.7.4 are affected by CVE-2013-2168.
What can an attacker do with CVE-2013-2168?
An attacker can exploit CVE-2013-2168 to cause a denial of service, affecting application communication over D-BUS.
Is CVE-2013-2168 a local or remote vulnerability?
CVE-2013-2168 is a remote vulnerability that allows attackers to send malicious D-BUS messages.

agent/references
agent/type
agent/first-publish-date
agent/severity
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-2168
agent/software-canonical-lookup
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
package-manager/redhat
vendor/d-bus project
canonical/dbus
version/dbus/1.4.0
version/dbus/1.4.1
version/dbus/1.4.4
version/dbus/1.4.6
version/dbus/1.4.8
version/dbus/1.4.10
version/dbus/1.4.12
version/dbus/1.4.14
version/dbus/1.4.16
version/dbus/1.4.18
version/dbus/1.4.20
version/dbus/1.4.24
version/dbus/1.7.0
version/dbus/1.7.2
version/dbus/1.6.0
version/dbus/1.6.2
version/dbus/1.6.4
version/dbus/1.6.6
version/dbus/1.6.8
version/dbus/1.6.10
version/dbus/1.6.16
vendor/opensuse
canonical/suse linux
version/suse linux/12.3
vendor/freedesktop
canonical/freedesktop d-bus
version/freedesktop d-bus/1.4.0
version/freedesktop d-bus/1.4.1
version/freedesktop d-bus/1.4.4
version/freedesktop d-bus/1.4.6
version/freedesktop d-bus/1.4.8
version/freedesktop d-bus/1.4.10
version/freedesktop d-bus/1.4.12
version/freedesktop d-bus/1.4.14
version/freedesktop d-bus/1.4.16
version/freedesktop d-bus/1.4.18
version/freedesktop d-bus/1.4.20
version/freedesktop d-bus/1.4.24
version/freedesktop d-bus/1.7.0
version/freedesktop d-bus/1.7.2
version/freedesktop d-bus/1.6.0
version/freedesktop d-bus/1.6.2
version/freedesktop d-bus/1.6.4
version/freedesktop d-bus/1.6.6
version/freedesktop d-bus/1.6.8
version/freedesktop d-bus/1.6.10
version/freedesktop d-bus/1.6.16