CVE-2024-0217

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0217
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0217.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-0217
Downstream
Related
Published
2024-01-03T17:15:12Z
Modified
2025-09-19T14:49:31.204227Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

References

Affected packages

Git / github.com/hughsie/packagekit

Affected ranges

Type
GIT
Repo
https://github.com/hughsie/packagekit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9915e1b611e6d662f67e6c1dcd4e7fda5c31cba8
Type
GIT
Repo
https://github.com/packagekit/packagekit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
64278c9127e3333342b56ead99556161f7e86f79

Affected versions

Other

PACKAGEKIT_0_1_0
PACKAGEKIT_0_1_1
PACKAGEKIT_0_1_10
PACKAGEKIT_0_1_11
PACKAGEKIT_0_1_2
PACKAGEKIT_0_1_3
PACKAGEKIT_0_1_4
PACKAGEKIT_0_1_5
PACKAGEKIT_0_1_6
PACKAGEKIT_0_1_7
PACKAGEKIT_0_1_8
PACKAGEKIT_0_1_9
PACKAGEKIT_0_2_0
PACKAGEKIT_0_2_1
PACKAGEKIT_0_2_2
PACKAGEKIT_0_3_0
PACKAGEKIT_0_3_1
PACKAGEKIT_0_3_10
PACKAGEKIT_0_3_11
PACKAGEKIT_0_3_2
PACKAGEKIT_0_3_3
PACKAGEKIT_0_3_4
PACKAGEKIT_0_3_5
PACKAGEKIT_0_3_6
PACKAGEKIT_0_3_7
PACKAGEKIT_0_3_8
PACKAGEKIT_0_3_9
PACKAGEKIT_0_4_0
PACKAGEKIT_0_4_1
PACKAGEKIT_0_4_2
PACKAGEKIT_0_4_3
PACKAGEKIT_0_4_4
PACKAGEKIT_0_4_5
PACKAGEKIT_0_4_6
PACKAGEKIT_0_4_7
PACKAGEKIT_0_4_8
PACKAGEKIT_0_5_0
PACKAGEKIT_0_5_1
PACKAGEKIT_0_5_2
PACKAGEKIT_0_5_3
PACKAGEKIT_0_5_5
PACKAGEKIT_0_6_0
PACKAGEKIT_0_6_1
PACKAGEKIT_0_6_10
PACKAGEKIT_0_6_11
PACKAGEKIT_0_6_12
PACKAGEKIT_0_6_13
PACKAGEKIT_0_6_14
PACKAGEKIT_0_6_15
PACKAGEKIT_0_6_16
PACKAGEKIT_0_6_2
PACKAGEKIT_0_6_3
PACKAGEKIT_0_6_4
PACKAGEKIT_0_6_5
PACKAGEKIT_0_6_6
PACKAGEKIT_0_6_7
PACKAGEKIT_0_6_8
PACKAGEKIT_0_6_9
PACKAGEKIT_0_7_0
PACKAGEKIT_0_7_1
PACKAGEKIT_0_7_2
PACKAGEKIT_0_7_3
PACKAGEKIT_0_7_4
PACKAGEKIT_0_8_1
PACKAGEKIT_0_8_10
PACKAGEKIT_0_8_11
PACKAGEKIT_0_8_12
PACKAGEKIT_0_8_13
PACKAGEKIT_0_8_14
PACKAGEKIT_0_8_2
PACKAGEKIT_0_8_3
PACKAGEKIT_0_8_4
PACKAGEKIT_0_8_5
PACKAGEKIT_0_8_6
PACKAGEKIT_0_8_7
PACKAGEKIT_0_8_8
PACKAGEKIT_0_8_9
PACKAGEKIT_0_9_1
PACKAGEKIT_0_9_2
PACKAGEKIT_0_9_3
PACKAGEKIT_0_9_4
PACKAGEKIT_0_9_5
PACKAGEKIT_1_0_0
PACKAGEKIT_1_0_1
PACKAGEKIT_1_0_10
PACKAGEKIT_1_0_11
PACKAGEKIT_1_0_2
PACKAGEKIT_1_0_3
PACKAGEKIT_1_0_4
PACKAGEKIT_1_0_5
PACKAGEKIT_1_0_6
PACKAGEKIT_1_0_7
PACKAGEKIT_1_0_8
PACKAGEKIT_1_0_9
PACKAGEKIT_1_1_0
PACKAGEKIT_1_1_1
PACKAGEKIT_1_1_10
PACKAGEKIT_1_1_11
PACKAGEKIT_1_1_12
PACKAGEKIT_1_1_13
PACKAGEKIT_1_1_2
PACKAGEKIT_1_1_3
PACKAGEKIT_1_1_4
PACKAGEKIT_1_1_5
PACKAGEKIT_1_1_6
PACKAGEKIT_1_1_7
PACKAGEKIT_1_1_8
PACKAGEKIT_1_1_9
PACKAGEKIT_1_2_0
PACKAGEKIT_1_2_1
PACKAGEKIT_1_2_2
PACKAGEKIT_1_2_3
PACKAGEKIT_1_2_4
PACKAGEKIT_1_2_5

v1.*

v1.2.6

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/packagekit/packagekit/commit/64278c9127e3333342b56ead99556161f7e86f79",
            "target": {
                "file": "src/pk-transaction.c"
            },
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "69110401875055153638018526870323614788",
                    "104936221520995987981509473286540388469",
                    "284850847472260449698388863213100776869",
                    "33786011828446133669880393923746326194",
                    "111480205983780487965060550645008160044",
                    "316624392811831117073588737815180568666",
                    "13349957417997647440873044018551392340",
                    "252578080632256012307756048094668849918"
                ]
            },
            "id": "CVE-2024-0217-8195f6c2"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/packagekit/packagekit/commit/64278c9127e3333342b56ead99556161f7e86f79",
            "target": {
                "file": "src/pk-transaction.c",
                "function": "pk_transaction_finished_emit"
            },
            "signature_version": "v1",
            "digest": {
                "function_hash": "416716534804417372517382757260205436",
                "length": 362.0
            },
            "id": "CVE-2024-0217-f826b9d0"
        }
    ]
}