CVE-2022-31213: About a dbus-broker design weakness (17th July 2022)

Preface: A NULL pointer dereference occurs when an application dereferences a pointer that it expects to be valid but that is NULL, typically causing a crash or exit. NULL pointer dereferences can result from a number of flaws, including race conditions.

Background: D-Bus is an inter-process communication (IPC) mechanism initially designed to replace the software component communications systems used by the GNOME and KDE Linux desktop environments. The dbus-broker project is an implementation of a message bus as defined by the D-Bus specification.

Projects using D-Bus

  • KDE: A desktop environment based on Qt
  • GNOME: A desktop environment based on GTK
  • systemd: An init system
  • NetworkManager: A daemon to manage network interfaces
  • BlueZ: A project adding Bluetooth support under Linux

dbus-broker is an implementation of the D-Bus Message Bus Specification. Each instance provides a single, unique message bus that clients can connect to, and send messages over. The broker takes care of message mediation, access control, subscriptions, and bus control, according to the D-Bus specification.

Vulnerability details: An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.

Ref: Expat is a library, written in C, for parsing XML documents. The goal of a parser is to transform XML into a form that code can read. An XML parser is a software library or package that provides an interface for client applications to work with XML documents. It checks that the XML document is properly formatted and may also validate it.
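The defensive pattern for this bug class, as an added example that is not code from dbus-broker or from the advisory: an Expat-style start-element handler that treats a missing attribute or missing parent state as a configuration error instead of dereferencing NULL. The names `cfg_state`, `attr_get`, `on_start` and `replay`, and the simplified schema in which `<policy>` must carry a `user` attribute, are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical parser state for this example; not dbus-broker's structures. */
struct cfg_state {
    int in_policy;   /* 1 while inside <policy> */
    int error;       /* set on the first malformed construct */
    char user[64];   /* copy of <policy user="..."> */
};

/* Find key in Expat's NULL-terminated name/value array; NULL when absent. */
static const char *attr_get(const char **atts, const char *key) {
    for (size_t i = 0; atts && atts[i] && atts[i + 1]; i += 2)
        if (strcmp(atts[i], key) == 0)
            return atts[i + 1];
    return NULL;
}

/* Same signature as Expat's XML_StartElementHandler. */
static void on_start(void *userdata, const char *name, const char **atts) {
    struct cfg_state *st = userdata;
    if (!st || !name || st->error) return;
    if (strcmp(name, "policy") == 0) {
        const char *user = attr_get(atts, "user");
        /* A missing or oversized attribute is a config error, not a crash. */
        if (!user || strlen(user) >= sizeof(st->user)) {
            st->error = 1;
            return;
        }
        strcpy(st->user, user);
        st->in_policy = 1;
    } else if (strcmp(name, "allow") == 0 && !st->in_policy) {
        st->error = 1;   /* <allow> with no enclosing <policy> state */
    }
}

/* Constructed driver: replays start-element events, returns the error flag. */
static int replay(const char *first, const char **atts, const char *second) {
    struct cfg_state st = {0};
    on_start(&st, first, atts);
    if (second) on_start(&st, second, NULL);
    return st.error;
}

int main(void) {
    const char *ok[] = {"user", "root", NULL};   /* constructed input */
    const char *none[] = {NULL};
    return replay("policy", ok, "allow") != 0 || replay("policy", none, NULL) != 1;
}
```

A config loader built this way can reject the file and log the offending element once `error` is set, rather than letting the bus process crash.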

Solution: Update to the latest version – https://github.com/bus1/dbus-broker/releases/tag/v31

Proof of concept and related technical matters – refer to the link
https://sec-consult.com/vulnerability-lab/advisory/memory-corruption-vulnerabilities-dbus-broker/
