CVE-2020-35512

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-35512

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35512.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-35512

Related

Published

2021-02-15T17:15:12Z

Modified

2024-10-12T06:33:05.731019Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

References

Affected packages

Debian:11 / dbus

Package

Name: dbus
Purl: pkg:deb/debian/dbus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dbus

Package

Name: dbus
Purl: pkg:deb/debian/dbus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dbus

Package

Name: dbus
Purl: pkg:deb/debian/dbus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/dbus/dbus

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/dbus/dbus
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ab88811768f750777d1a8b9d9ab12f13390bfd3a

Affected versions

dbus-0.*

dbus-0.1

dbus-0.10

dbus-0.11

dbus-0.12

dbus-0.13

dbus-0.2

dbus-0.20

dbus-0.21

dbus-0.22

dbus-0.23

dbus-0.3

dbus-0.31.0

dbus-0.32.0

dbus-0.33.0

dbus-0.34.0

dbus-0.35

dbus-0.36

dbus-0.4

dbus-0.5

dbus-0.50

dbus-0.6

dbus-0.60

dbus-0.61

dbus-0.62

dbus-0.7

dbus-0.8

dbus-0.9

dbus-0.90

dbus-0.91

dbus-0.92

dbus-0.93

dbus-0.94

dbus-0.95

dbus-1.*

dbus-1.0.0

dbus-1.1.0

dbus-1.1.2

dbus-1.1.20

dbus-1.1.3

dbus-1.1.4

dbus-1.10.0

dbus-1.10.10

dbus-1.10.12

dbus-1.10.14

dbus-1.10.16

dbus-1.10.18

dbus-1.10.2

dbus-1.10.20

dbus-1.10.22

dbus-1.10.4

dbus-1.10.6

dbus-1.10.8

dbus-1.11.0

dbus-1.11.10

dbus-1.11.12

dbus-1.11.14

dbus-1.11.16

dbus-1.11.18

dbus-1.11.2

dbus-1.11.20

dbus-1.11.22

dbus-1.11.4

dbus-1.11.6

dbus-1.11.8

dbus-1.12.0

dbus-1.12.10

dbus-1.12.12

dbus-1.12.14

dbus-1.12.16

dbus-1.12.18

dbus-1.12.2

dbus-1.12.20

dbus-1.12.4

dbus-1.12.6

dbus-1.12.8

dbus-1.2.1

dbus-1.2.10

dbus-1.2.12

dbus-1.2.14

dbus-1.2.16

dbus-1.2.18

dbus-1.2.20

dbus-1.2.22

dbus-1.2.24

dbus-1.2.3

dbus-1.2.4

dbus-1.2.6

dbus-1.2.8

dbus-1.3.0

dbus-1.3.1

dbus-1.4.0

dbus-1.4.1

dbus-1.4.10

dbus-1.4.12

dbus-1.4.14

dbus-1.4.16

dbus-1.4.18

dbus-1.4.20

dbus-1.4.4

dbus-1.4.6

dbus-1.4.8

dbus-1.5.0

dbus-1.5.10

dbus-1.5.12

dbus-1.5.2

dbus-1.5.4

dbus-1.5.6

dbus-1.5.8

dbus-1.6.0

dbus-1.6.10

dbus-1.6.12

dbus-1.6.14

dbus-1.6.16

dbus-1.6.18

dbus-1.6.2

dbus-1.6.4

dbus-1.6.6

dbus-1.6.8

dbus-1.7.0

dbus-1.7.10

dbus-1.7.2

dbus-1.7.4

dbus-1.7.6

dbus-1.7.8

dbus-1.8.0

dbus-1.8.10

dbus-1.8.12

dbus-1.8.14

dbus-1.8.16

dbus-1.8.18

dbus-1.8.2

dbus-1.8.20

dbus-1.8.4

dbus-1.8.6

dbus-1.8.8

dbus-1.9.0

dbus-1.9.10

dbus-1.9.12

dbus-1.9.14

dbus-1.9.16

dbus-1.9.18

dbus-1.9.2

dbus-1.9.20

dbus-1.9.4

dbus-1.9.6

dbus-1.9.8

Other

dbus-before-object-names-merge

dbus-object-names-branchpoint