Dbus-Broker depends on c-util/c-shquote to parse DBus service's Exec line. c-shquote contains a stack buffer over-read if a malicious Exec line is supplied.
Created dbus-broker tracking bugs for this issue:
Affects: epel-8 [bug 2094721]
Affects: fedora-all [bug 2094720]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2022:6608 https://access.redhat.com/errata/RHSA-2022:6608
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31212