VYPR
← All advisories
Medium severity4.0NVD Advisory· Published Jul 1, 2014· Updated May 6, 2026

CVE-2014-3477

CVE-2014-3477

Description

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Affected products

47
  • D Bus Project/D Bus3 versions
    cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:d-bus_project:d-bus:1.2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:d-bus_project:d-bus:1.2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:d-bus_project:d-bus:1.2.4.6:*:*:*:*:*:*:*
  • Freedesktop/Dbus44 versions
    cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*+ 43 more
    • cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.28:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.2.30:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.18:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.12:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.14:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.16:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.18:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.20:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.22:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.24:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.4.26:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:dbus:1.6.16:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

News mentions

0

No linked articles in our index yet.