Vulnerability Details CVE-2022-31212
An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.3%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/bus1/dbus-broker/compare/v30...v31
- https://sec-consult.com/vulnerability-lab/advisory/memory-corruption-vulnerabilities-dbus-broker/
- https://security.gentoo.org/glsa/202305-04
- https://github.com/bus1/dbus-broker/compare/v30...v31
- https://sec-consult.com/vulnerability-lab/advisory/memory-corruption-vulnerabilities-dbus-broker/
- https://security.gentoo.org/glsa/202305-04
Products affected by CVE-2022-31212
-
cpe:2.3:a:dbus-broker_project:dbus-broker:1
-
cpe:2.3:a:dbus-broker_project:dbus-broker:10
-
cpe:2.3:a:dbus-broker_project:dbus-broker:11
-
cpe:2.3:a:dbus-broker_project:dbus-broker:12
-
cpe:2.3:a:dbus-broker_project:dbus-broker:13
-
cpe:2.3:a:dbus-broker_project:dbus-broker:14
-
cpe:2.3:a:dbus-broker_project:dbus-broker:15
-
cpe:2.3:a:dbus-broker_project:dbus-broker:16
-
cpe:2.3:a:dbus-broker_project:dbus-broker:17
-
cpe:2.3:a:dbus-broker_project:dbus-broker:18
-
cpe:2.3:a:dbus-broker_project:dbus-broker:19
-
cpe:2.3:a:dbus-broker_project:dbus-broker:2
-
cpe:2.3:a:dbus-broker_project:dbus-broker:20
-
cpe:2.3:a:dbus-broker_project:dbus-broker:21
-
cpe:2.3:a:dbus-broker_project:dbus-broker:22
-
cpe:2.3:a:dbus-broker_project:dbus-broker:23
-
cpe:2.3:a:dbus-broker_project:dbus-broker:24
-
cpe:2.3:a:dbus-broker_project:dbus-broker:25
-
cpe:2.3:a:dbus-broker_project:dbus-broker:26
-
cpe:2.3:a:dbus-broker_project:dbus-broker:27
-
cpe:2.3:a:dbus-broker_project:dbus-broker:28
-
cpe:2.3:a:dbus-broker_project:dbus-broker:29
-
cpe:2.3:a:dbus-broker_project:dbus-broker:3
-
cpe:2.3:a:dbus-broker_project:dbus-broker:30
-
cpe:2.3:a:dbus-broker_project:dbus-broker:4
-
cpe:2.3:a:dbus-broker_project:dbus-broker:5
-
cpe:2.3:a:dbus-broker_project:dbus-broker:6
-
cpe:2.3:a:dbus-broker_project:dbus-broker:7
-
cpe:2.3:a:dbus-broker_project:dbus-broker:8
-
cpe:2.3:a:dbus-broker_project:dbus-broker:9