Detections
Analytics
Alpine: multiple dbus packages: security update to 1.14.4-r0
medium Tenable Cloud Security Plugin ID 423849
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before
1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when
receiving a message with certain invalid type signatures. (CVE-2022-42010)
- An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before
1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when
receiving a message where an array length is inconsistent with the size of the element type.
(CVE-2022-42011)
- An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before
1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by
sending a message with attached file descriptors in an unexpected format. (CVE-2022-42012)
See Also
https://security.alpinelinux.org/vuln/CVE-2022-42010
Plugin Details
Severity: Medium
ID: 423849
Version: Revision 1.7
Type: Local
Published: 4/4/2025
Updated: 5/30/2025
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS Score Source: CVE-2022-42012
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 10/6/2022