CVE-2020-35512
15.02.2021, 17:15
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviorsEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freedesktop | dbus | 1.12.20 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dbus-1 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| dbus-1-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| dbus-1-x11 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libdbus-1-3 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libdbus-1-3-32bit |
|
Common Weakness Enumeration
References