Vulnerability Report

CVE-2014-3477

Title: Freedesktop Dbus Denial of Service (DoS)

DoS

Proof Of Concept

No public PoC currently indexed for CVE-2014-3477.

CWE Category NVD-CWE-noinfo

Published Date Jul 01, 2014

Modified Date May 06, 2026

Exploit Status Not Found

Score 4.0 CVSS v3.1

Exploit Probability (EPSS)

0.09%

Vulnerability Summary

CVE-2014-3477: The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Impacted Vendors

d-bus 1

freedesktop 1

d-bus_project 1

Reference Links

http://advisories.mageia.org/MGASA-2014-0266.html http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567 http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://seclists.org/oss-sec/2014/q2/509 http://secunia.com/advisories/59428 http://secunia.com/advisories/59611 http://secunia.com/advisories/59798 http://www.debian.org/security/2014/dsa-2971 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.securityfocus.com/bid/67986 https://bugs.freedesktop.org/show_bug.cgi?id=78979 http://advisories.mageia.org/MGASA-2014-0266.html http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8&id=24c590703ca47eb71ddef453de43126b90954567 http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html http://seclists.org/oss-sec/2014/q2/509 http://secunia.com/advisories/59428 http://secunia.com/advisories/59611 http://secunia.com/advisories/59798 http://www.debian.org/security/2014/dsa-2971 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.securityfocus.com/bid/67986 https://bugs.freedesktop.org/show_bug.cgi?id=78979

CVSS v3.1

Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0

Severity MEDIUM

4.0

Attack Vector

LOCAL

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v2.0

Source Entity [email protected]

Severity LOW

2.1

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:L/Au:N/C:N/I:N/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2014-3477 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

May 06, 2026 MODIFIED

Vulnerability data updated via NVD.

May 06, 2026 MODIFIED

Vulnerability data updated via NVD.

April 12, 2025 MODIFIED

Vulnerability data or affected products updated.

July 01, 2014 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Stack

No specific products linked.