History: Feb 15, 2021 - 5:15 p.m.

CVE-2020-35512

2021-02-15 17:15:12
CWE-416
web.nvd.nist.gov
d-bus
cve-2020-35512
use-after-free flaw
security vulnerability
nvd

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.5 High
Confidence: High

CVSS2: 7.2 High

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 5.2%

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap that is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.

Affected configurations

Node:
  jenkins github_branch_source, Range 1.13.16 - 1.13.18
  OR
  jenkins github_branch_source, Range 1.12.18 - 1.12.20
  OR
  freedesktop dbus, Range 1.10.30 - 1.10.32

Vendor       Product                Version  CPE
jenkins      github_branch_source   *        cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:*:*:*
jenkins      github_branch_source   *        cpe:2.3:a:jenkins:github_branch_source:*:*:*:*:*:*:*:*
freedesktop  dbus                   *        cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "D-Bus Development branch",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "<= 1.13.16 (Fixed: >= 1.13.18)"
      }
    ]
  },
  {
    "product": "dbus-1.12.x stable branch",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "<= 1.12.18 (Fixed: >= 1.12.20)"
      }
    ]
  },
  {
    "product": "dbus-1.10.x and older branches (EOL)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "<= 1.10.30 (Fixed: 1.10.32)"
      }
    ]
  }
]
