DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-XRW6-GWF8-VVR9: Signal Spoofing and Resource Exhaustion in Tmds.DBus

Vulnerability ID: GHSA-XRW6-GWF8-VVR9
CVSS Score: 7.1
Published: 2026-04-08

GHSA-XRW6-GWF8-VVR9 covers multiple high-severity flaws in the Tmds.DBus and Tmds.DBus.Protocol .NET libraries. The libraries fail to properly authenticate the sender of D-Bus signals and mishandle the file descriptor lifecycle during message parsing. A local unprivileged attacker connected to the D-Bus system or session bus can exploit these issues to cause denial of service or to manipulate application logic via spoofed signals.

TL;DR

Tmds.DBus and Tmds.DBus.Protocol are vulnerable to D-Bus signal spoofing and file descriptor exhaustion. Attackers with local D-Bus access can forge signals or crash applications by exhausting file handles. The maintainers have fixed these issues in Tmds.DBus 0.21.3 and Tmds.DBus.Protocol 0.92.0.


Technical Details

  • Primary CWE IDs: CWE-345, CWE-400, CWE-20
  • Attack Vector: Local / Adjacent (D-Bus)
  • CVSS Score: 7.1 (High)
  • Impact: Denial of Service, Integrity Compromise
  • Exploit Maturity: None (No public PoC)
  • CISA KEV Status: Not Listed

Affected Systems

  • .NET applications implementing D-Bus clients
  • .NET applications implementing D-Bus servers
  • Systems relying on Tmds.DBus for Inter-Process Communication (IPC)
  • Tmds.DBus: < 0.21.3 (Fixed in: 0.21.3)
  • Tmds.DBus.Protocol: < 0.92.0 (Fixed in: 0.92.0)

Mitigation Strategies

  • Upgrade Tmds.DBus library to a fixed version.
  • Monitor system logs for "Too many open files" errors indicative of resource exhaustion.
  • Audit local D-Bus traffic for suspicious signal emissions and unverified senders.

Remediation Steps:

  1. Identify all .NET projects utilizing Tmds.DBus or Tmds.DBus.Protocol.
  2. Update the project dependencies in the .csproj files.
  3. Target version 0.21.3 or greater for Tmds.DBus.
  4. Target version 0.92.0 or greater for Tmds.DBus.Protocol.
  5. Recompile and redeploy the affected applications.
  6. Restart the affected services to clear any currently leaked file descriptors.
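
Steps 1 to 4 can be scripted. The following is an added example, not part of the original report or the Tmds.DBus project: it scans .csproj files for direct PackageReference entries to the two packages and compares pinned versions against the fixed releases listed above. The sample project file and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# First fixed releases, from the advisory. NuGet package IDs are case-insensitive.
FIXED = {"tmds.dbus": (0, 21, 3), "tmds.dbus.protocol": (0, 92, 0)}
# Constructed sample project file, not taken from a real repository.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Tmds.DBus" Version="0.21.2" />
    <PackageReference Include="Tmds.DBus.Protocol" Version="0.92.0" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

def parse_version(text):
    """Return (numeric tuple, is_prerelease), or None if not a plain pinned version."""
    m = re.fullmatch(r"(\d+(?:\.\d+){1,3})(-[0-9A-Za-z.-]+)?", (text or "").strip())
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums + (0,) * (3 - len(nums)), bool(m.group(2))

def audit_csproj(xml_text):
    """Return [(package, raw_version, status)] for Tmds.DBus references in one project."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "PackageReference":  # ignore legacy xmlns prefix
            continue
        name = el.get("Include") or el.get("Update") or ""
        fixed = FIXED.get(name.lower())
        if fixed is None:
            continue
        # Version may be an attribute or a child element, or absent when managed centrally.
        raw = el.get("Version") or next(
            (c.text for c in el if c.tag.rsplit("}", 1)[-1] == "Version"), None)
        parsed = parse_version(raw)
        if parsed is None:
            status = "unknown"  # floating, ranged or centrally managed: check by hand
        elif parsed[0] < fixed or (parsed[0] == fixed and parsed[1]):
            status = "vulnerable"  # assumption: a pre-release of the fixed version is unfixed
        else:
            status = "fixed"
        findings.append((name, raw, status))
    return findings

if __name__ == "__main__":
    import pathlib, sys
    for path in pathlib.Path(sys.argv[1] if len(sys.argv) > 1 else ".").rglob("*.csproj"):
        for name, raw, status in audit_csproj(path.read_text(encoding="utf-8-sig")):
            print(f"{status:10} {name} {raw or '(no version)'}  {path}")
```

This only sees direct references in project files; packages pulled in transitively need a resolved dependency listing such as `dotnet list package --include-transitive`.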

Read the full report for GHSA-XRW6-GWF8-VVR9 on our website for more details including interactive diagrams and full exploit analysis.
