216.73.217.64

CVE-2026-39959

· Published 09/04/2026 17:16 · Modified 09/04/2026 17:16

Labels: CVE-2026-39959 2026-04-09CVE-2026-39959CWE-290[email protected]

Essential information

Published
09/04/2026 17:16
Modified
09/04/2026 17:16
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS metrics

Description

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by sending messages with an excessive number of Unix file descriptors, and crash the application by sending malformed message bodies that cause unhandled exceptions on the SynchronizationContext. This vulnerability is fixed in Tmds.DBus 0.92.0 and Tmds.DBus.Protocol 0.92.0 and 0.21.3.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
tmds / dbus cpe:2.3:a:tmds:dbus:0.92.0:*:*:*:*:*:*:*
tmds / dbus.protocol cpe:2.3:a:tmds:dbus.protocol:0.92.0:*:*:*:*:*:*:*
tmds / dbus.protocol cpe:2.3:a:tmds:dbus.protocol:0.21.3:*:*:*:*:*:*:*

References