VDB
CISA-2014-3636
CISA-2014-3636
PUBLISHED
Reported by redhat · Published October 25, 2014
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, * |
Timeline
- Oct 25, 2014 CVE Published
- Oct 17, 2024 CVE Updated
- Mar 26, 2026 Distribution Patch
- Mar 26, 2026 Distribution Patch
- Mar 26, 2026 Security Advisory
- Mar 26, 2026 Security Advisory
References
- USN-2352-1 vendor-advisoryx_refsource_UBUNTU
- openSUSE-SU-2014:1239 vendor-advisoryx_refsource_SUSE
- 61378 third-party-advisoryx_refsource_SECUNIA
- [oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 mailing-listx_refsource_MLIST
- 1030864 vdb-entryx_refsource_SECTRACK
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- DSA-3026 vendor-advisoryx_refsource_DEBIAN
- MDVSA-2015:176 vendor-advisoryx_refsource_MANDRIVA