dbus-fast is vulnerable to Denial of Service (DoS)
41
Medium Risk
The introspection XML parser in introspection.py recursively parses nested <node> elements via Node.from_xml without bounding the recursion depth. Introspection XML is parsed from the reply to an org.freedesktop.DBus.Introspectable.Introspect call, so a hostile or buggy peer can return a document with deeply nested <node> elements and exhaust the Python (or C) stack, crashing the consuming process. The fix routes parsing through Node._from_xml with a depth counter and raises InvalidIntrospectionError once nesting exceeds _MAX_NODE_DEPTH (32).
You are affected if you are using a version that falls within the vulnerable range.
dbus-fast is vulnerable to Denial of Service (DoS) in versions 1.0.0 - 5.0.1.
Upgrade the dbus-fast library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant