VIR Vulnerability Intelligence Relay

CVE-2014-3638

low
Published 2014-09-22 · Modified 2026-05-06
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-3638

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugs.freedesktop.org/show_bug.cgi?id=81053

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1.8.8-1
debian debianbullseyefixed1.8.8-1
debian debianforkyfixed1.8.8-1
debian debiansidfixed1.8.8-1
debian debiantrixiefixed1.8.8-1
suse suse12.3affected

Application impact
VendorProductVersionsFixed
d-bus_projectd-bus{"endIncluding":"1.6.22"}
freedesktopdbus1.6.0
freedesktopdbus1.6.2
freedesktopdbus1.6.4
freedesktopdbus1.6.6
freedesktopdbus1.6.8
freedesktopdbus1.6.10
freedesktopdbus1.6.12
freedesktopdbus1.6.14
freedesktopdbus1.6.16
freedesktopdbus1.6.18
freedesktopdbus1.6.20
freedesktopdbus1.8.0
freedesktopdbus1.8.2
freedesktopdbus1.8.4
freedesktopdbus1.8.6

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.