dbus-fast is vulnerable to Denial of Service (DoS)
42
Medium Risk
The pre-authentication line readers in the asyncio and GLib message bus backends read the D-Bus auth handshake into a buffer without any size cap and without handling a closed connection. A hostile peer that streams bytes without a terminating CRLF forces the buffer to grow until host memory is exhausted, and on the asyncio path an abrupt disconnect makes the reader spin on empty reads and hang. The fix caps the auth line at 16 KiB, reads in bounded chunks, and raises an AuthError when the peer sends EOF mid-handshake. Both _auth_readline and the GLib _AuthLineSource now surface the error instead of growing unbounded or looping forever.
You are affected if you are using a version that falls within the vulnerable range and your application connects to an untrusted D-Bus peer.
dbus-fast is vulnerable to Denial of Service (DoS) in versions 1.0.0 - 4.2.4.
Upgrade the dbus-fast library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant