Description
A flaw was found in dnf5. A local, unprivileged attacker can exploit a path traversal vulnerability in the D-Bus locale configuration. By providing a specially crafted string to the locale key during session opening, the attacker can force the dnf5daemon-server to terminate, leading to an application-level Denial of Service (DoS) with a core dump.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Dnf5 | Dnf5 | 75% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 25 Mar 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Dnf5
Dnf5 dnf5 |
|
| Vendors & Products |
Dnf5
Dnf5 dnf5 |
Tue, 24 Mar 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in dnf5. A local, unprivileged attacker can exploit a path traversal vulnerability in the D-Bus locale configuration. By providing a specially crafted string to the locale key during session opening, the attacker can force the dnf5daemon-server to terminate, leading to an application-level Denial of Service (DoS) with a core dump. | |
| Title | dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
MITRE
No data.
Vulnrichment
No data.
NVD
No data.
Redhat
OpenCVE Enrichment
Updated: 2026-03-25T11:49:03Z
Weaknesses