Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service
Vulnerability Description
Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
D-Bus 安全漏洞
Vulnerability Description
D-Bus是D-Bus开源的一个 D-Bus 规范和参考实现。 D-Bus 0.92.0之前版本和Tmds.DBus.Protocol 0.92.0及0.21.3之前版本存在安全漏洞,该漏洞源于易受恶意D-Bus对等方攻击,可能导致欺骗信号、耗尽系统资源或使应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A