DEBIAN-CVE-2009-1189

DEBIAN-CVE-2009-1189 PUBLISHED

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

Affected Products

Vendor	Product	Versions
Debian:14	dbus	0, 0, 0
Debian:13	dbus	0, 0, 0
Debian:12	dbus	0, 0, 0
Debian:11	dbus	0, 0, 0

Timeline

Apr 27, 2009 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2009-1189 advisory

Open in Interactive Console →