CVE-2020-35512

Name
CVE-2020-35512
Description
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugs.gentoo.org/755392
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1909101
MISC https://security-tracker.debian.org/tracker/CVE-2020-35512
MISC https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freedesktop:dbus:1.12.20:*:*:*:*:*:*:* dbus == None == 1.12.20

Vulnerable and fixed packages

Source package Branch Version Maintainer Status