CVE-2008-3834

Exp

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

Published: 2008-10-07 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2008-3834 is rated Exploit Available (58.2/100): CVSS Low severity, with high exploitation likelihood (EPSS 4.62%, 90th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +3.14% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2008-3834

EDB-ID Source Kind Published Link
7822 exploit_db edb 2009-01-19 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2008-3834

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.49% 4.62% +3.14%
2 2026-06-13 1.85% 1.49% -0.37%
3 2025-12-17 1.85%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-3834

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
2.1 2.0 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 3.9 2.9 [email protected]

Weakness enumeration for CVE-2008-3834

OS Trackers for CVE-2008-3834

vendor priority summary link
debian not yet assigned CVE-2008-3834 not yet assigned priority: Debian including 1 source packages (dbus), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2008-3834
gentoo normal CVE-2008-3834: 1 GLSA(s) (200901-04), 1 atom(s) (sys-apps/dbus); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2008-3834
redhat medium https://access.redhat.com/security/cve/CVE-2008-3834
suse medium CVE-2008-3834 severity moderate: SUSE including 41 source package names (dbus-1-1.12.20-5.5, dbus-1-1.14.10-1.11, …), 41 product×package rows across 9 product lines (SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, … (9 product lines)): Fixed 41. https://www.suse.com/security/cve/CVE-2008-3834/
ubuntu low CVE-2008-3834 low priority: Ubuntu including 1 source packages (dbus), 5 status rows across 5 suites (dapper, feisty, gutsy, hardy, upstream): released 5. https://ubuntu.com/security/CVE-2008-3834

Affected software / configurations for CVE-2008-3834

Vendor Product Version Raw CPE
freedesktop dbus <= 1.1.4 cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*
freedesktop dbus 0.1 cpe:2.3:a:freedesktop:dbus:0.1:*:*:*:*:*:*:*
freedesktop dbus 0.2 cpe:2.3:a:freedesktop:dbus:0.2:*:*:*:*:*:*:*
freedesktop dbus 0.3 cpe:2.3:a:freedesktop:dbus:0.3:*:*:*:*:*:*:*
freedesktop dbus 0.4 cpe:2.3:a:freedesktop:dbus:0.4:*:*:*:*:*:*:*
freedesktop dbus 0.5 cpe:2.3:a:freedesktop:dbus:0.5:*:*:*:*:*:*:*
freedesktop dbus 0.6 cpe:2.3:a:freedesktop:dbus:0.6:*:*:*:*:*:*:*
freedesktop dbus 0.7 cpe:2.3:a:freedesktop:dbus:0.7:*:*:*:*:*:*:*
freedesktop dbus 0.8 cpe:2.3:a:freedesktop:dbus:0.8:*:*:*:*:*:*:*
freedesktop dbus 0.9 cpe:2.3:a:freedesktop:dbus:0.9:*:*:*:*:*:*:*
freedesktop dbus 0.10 cpe:2.3:a:freedesktop:dbus:0.10:*:*:*:*:*:*:*
freedesktop dbus 0.11 cpe:2.3:a:freedesktop:dbus:0.11:*:*:*:*:*:*:*
freedesktop dbus 0.12 cpe:2.3:a:freedesktop:dbus:0.12:*:*:*:*:*:*:*
freedesktop dbus 0.13 cpe:2.3:a:freedesktop:dbus:0.13:*:*:*:*:*:*:*
freedesktop dbus 0.20 cpe:2.3:a:freedesktop:dbus:0.20:*:*:*:*:*:*:*
freedesktop dbus 0.21 cpe:2.3:a:freedesktop:dbus:0.21:*:*:*:*:*:*:*
freedesktop dbus 0.22 cpe:2.3:a:freedesktop:dbus:0.22:*:*:*:*:*:*:*
freedesktop dbus 0.23 cpe:2.3:a:freedesktop:dbus:0.23:*:*:*:*:*:*:*
freedesktop dbus 0.23.1 cpe:2.3:a:freedesktop:dbus:0.23.1:*:*:*:*:*:*:*
freedesktop dbus 0.23.2 cpe:2.3:a:freedesktop:dbus:0.23.2:*:*:*:*:*:*:*
freedesktop dbus 0.23.3 cpe:2.3:a:freedesktop:dbus:0.23.3:*:*:*:*:*:*:*
freedesktop dbus 0.31 cpe:2.3:a:freedesktop:dbus:0.31:*:*:*:*:*:*:*
freedesktop dbus 0.32 cpe:2.3:a:freedesktop:dbus:0.32:*:*:*:*:*:*:*
freedesktop dbus 0.33 cpe:2.3:a:freedesktop:dbus:0.33:*:*:*:*:*:*:*
freedesktop dbus 0.34 cpe:2.3:a:freedesktop:dbus:0.34:*:*:*:*:*:*:*
freedesktop dbus 0.35 cpe:2.3:a:freedesktop:dbus:0.35:*:*:*:*:*:*:*
freedesktop dbus 0.35.1 cpe:2.3:a:freedesktop:dbus:0.35.1:*:*:*:*:*:*:*
freedesktop dbus 0.35.2 cpe:2.3:a:freedesktop:dbus:0.35.2:*:*:*:*:*:*:*
freedesktop dbus 0.36 cpe:2.3:a:freedesktop:dbus:0.36:*:*:*:*:*:*:*
freedesktop dbus 0.36.1 cpe:2.3:a:freedesktop:dbus:0.36.1:*:*:*:*:*:*:*
freedesktop dbus 0.36.2 cpe:2.3:a:freedesktop:dbus:0.36.2:*:*:*:*:*:*:*
freedesktop dbus 0.50 cpe:2.3:a:freedesktop:dbus:0.50:*:*:*:*:*:*:*
freedesktop dbus 0.61 cpe:2.3:a:freedesktop:dbus:0.61:*:*:*:*:*:*:*
freedesktop dbus 0.62 cpe:2.3:a:freedesktop:dbus:0.62:*:*:*:*:*:*:*
freedesktop dbus 0.90 cpe:2.3:a:freedesktop:dbus:0.90:*:*:*:*:*:*:*
freedesktop dbus 0.91 cpe:2.3:a:freedesktop:dbus:0.91:*:*:*:*:*:*:*
freedesktop dbus 0.92 cpe:2.3:a:freedesktop:dbus:0.92:*:*:*:*:*:*:*
freedesktop dbus 1.0.2 cpe:2.3:a:freedesktop:dbus:1.0.2:*:*:*:*:*:*:*
freedesktop dbus 1.1.1 cpe:2.3:a:freedesktop:dbus:1.1.1:*:*:*:*:*:*:*
freedesktop dbus 1.1.2 cpe:2.3:a:freedesktop:dbus:1.1.2:*:*:*:*:*:*:*
freedesktop dbus1.0 rc1 cpe:2.3:a:freedesktop:dbus1.0:rc1:*:*:*:*:*:*:*
freedesktop dbus1.0 rc2 cpe:2.3:a:freedesktop:dbus1.0:rc2:*:*:*:*:*:*:*
freedesktop dbus1.0 rc3 cpe:2.3:a:freedesktop:dbus1.0:rc3:*:*:*:*:*:*:*
freedesktop dbus1.1.0 cpe:2.3:a:freedesktop:dbus1.1.0:*:*:*:*:*:*:*:*

References for CVE-2008-3834

URL Tags
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html
http://secunia.com/advisories/32127 Vendor Advisory
http://secunia.com/advisories/32230
http://secunia.com/advisories/32281
http://secunia.com/advisories/32385
http://secunia.com/advisories/33396
http://www.debian.org/security/2008/dsa-1658
http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a
http://www.mandriva.com/security/advisories?name=MDVSA-2008:213
http://www.redhat.com/support/errata/RHSA-2009-0008.html
http://www.securityfocus.com/bid/31602
http://www.securitytracker.com/id?1021063
http://www.ubuntu.com/usn/usn-653-1
http://www.vupen.com/english/advisories/2008/2762
https://bugs.freedesktop.org/show_bug.cgi?id=17803
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834
https://exchange.xforce.ibmcloud.com/vulnerabilities/45701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253
https://www.exploit-db.com/exploits/7822
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html
cvelogic Threat Intelligence