CVE-2020-35512

Published: 15 Feb 2021
Source: debian
EPSS Low

Description

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| dbus | fixed | 1.12.20-1 | | package |
| dbus | fixed | 1.12.20-0+deb10u1 | buster | package |
| dbus | fixed | 1.10.32-0+deb9u1 | stretch | package |

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=1909101

  • https://gitlab.freedesktop.org/dbus/dbus/-/issues/305

  • https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)

  • https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)

  • https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)

EPSS

Percentile: 9%
0.00034
Low

Related vulnerabilities

CVSS3: 7.8
ubuntu
almost 5 years ago

CVSS3: 7
redhat
more than 5 years ago

CVSS3: 7.8
nvd
almost 5 years ago

suse-cvrf
more than 4 years ago

Security update for dbus-1

suse-cvrf
more than 4 years ago

Security update for dbus-1