
CVE-2020-35512

Published: 15 February 2021

A use-after-free flaw was found in the D-Bus development branch <= 1.13.16, the dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free heap memory that is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behavior.

Priority

Low

CVSS 3 base score: 7.8

Status

Package: dbus (Launchpad, Ubuntu, Debian)

| Release  | Status                                           |
|----------|--------------------------------------------------|
| bionic   | Released (1.12.2-1ubuntu1.3)                     |
| focal    | Released (1.12.16-2ubuntu2.2)                    |
| groovy   | Not vulnerable (1.12.20-1ubuntu1)                |
| hirsute  | Not vulnerable                                   |
| impish   | Not vulnerable                                   |
| jammy    | Not vulnerable                                   |
| precise  | Ignored (end of ESM support, was needed)         |
| trusty   | Needed                                           |
| upstream | Released (1.12.20-1)                             |
| xenial   | Released (1.10.6-1ubuntu3.6+esm1)                |