CVE-2011-2200

The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

Published: Jun 23, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2200
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
d-bus_project / d-bus	1.2.4.2	1.2.4.2.x
d-bus_project / d-bus	1.2.4.4	1.2.4.4.x
d-bus_project / d-bus	1.2.4.6	1.2.4.6.x
freedesktop / dbus	1.5.0	1.5.0.x
freedesktop / dbus	1.5.2	1.5.2.x
freedesktop / dbus	1.4.6	1.4.6.x
freedesktop / dbus	1.4.8	1.4.8.x
freedesktop / dbus	1.4.1	1.4.1.x
freedesktop / dbus	1.4.0	1.4.0.x
freedesktop / dbus	1.4.10	1.4.10.x
freedesktop / dbus	1.4.4	1.4.4.x
freedesktop / dbus	1.2.26	1.2.26.x
freedesktop / dbus	1.2.20	1.2.20.x
freedesktop / dbus	1.2.4	1.2.4.x
freedesktop / dbus	1.2.1	1.2.1.x
freedesktop / dbus	1.2.10	1.2.10.x
freedesktop / dbus	1.2.6	1.2.6.x
freedesktop / dbus	1.2.24	1.2.24.x
freedesktop / dbus	1.2.22	1.2.22.x
freedesktop / dbus	1.2.18	1.2.18.x
freedesktop / dbus	1.2.8	1.2.8.x
freedesktop / dbus	1.2.16	1.2.16.x
freedesktop / dbus	1.2.12	1.2.12.x
freedesktop / dbus	1.2.3	1.2.3.x
freedesktop / dbus	1.2.14	1.2.14.x
freedesktop / dbus	1.2.2	1.2.2.x

Vulnerability Database

289,599

CVE-2011-2200