Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-35512  

A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.

Source
Severity Medium

Remote No

Type Arbitrary code execution

Description 

A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.

AVG-1573 dbus 1.12.18-1 1.12.20-1 Medium Fixed 

https://bugs.gentoo.org/show_bug.cgi?id=755392
https://lists.freedesktop.org/archives/ftp-release/2020-July/000758.html
https://github.com/freedesktop/dbus/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started