CVE-2020-35512
Published: Feb 15, 2021
Modified: Nov 19, 2024
Description
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free heap memory that is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behavior.
| Vendor | Product | Versions |
|---|---|---|
| n/a | D-Bus Development branch | affected <= 1.13.16 (Fixed: >= 1.13.18) |
| n/a | dbus-1.12.x stable branch | affected <= 1.12.18 (Fixed: >= 1.12.20) |
| n/a | dbus-1.10.x and older branches (EOL) | affected <= 1.10.30 (Fixed: 1.10.32) |