CVE-2008-3834
dbus - denial of service
EPSS 1.5%
Description
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
How to fix CVE-2008-3834
To remediate CVE-2008-3834, upgrade the affected package to one of the fixed versions listed below.
- Debian/dbus: upgrade to 1.2.1-4 or later
- Debian/dbus: upgrade to 1.0.2-1+etch2 or later
Is CVE-2008-3834 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.2.1-4
- from 0, < 1.0.2-1+etch2