A flaw was found in dnf5. A local, unprivileged attacker can exploit a path traversal vulnerability in the D-Bus locale configuration. By providing a specially crafted string to the locale key during session opening, the attacker can force the dnf5daemon-server to terminate, leading to an application-level Denial of Service (DoS) with a core dump.
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Dnf5 | Dnf5 | 75% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 25 Mar 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Dnf5
Dnf5 dnf5 |
|
| Vendors & Products |
Dnf5
Dnf5 dnf5 |
Tue, 24 Mar 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in dnf5. A local, unprivileged attacker can exploit a path traversal vulnerability in the D-Bus locale configuration. By providing a specially crafted string to the locale key during session opening, the attacker can force the dnf5daemon-server to terminate, leading to an application-level Denial of Service (DoS) with a core dump. | |
| Title | dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
MITRE
No data.
Vulnrichment
No data.
NVD
No data.
Redhat
OpenCVE Enrichment
Updated: 2026-03-25T11:49:03Z
Weaknesses