CVE-2020-35512
Vulnerability from cvelistv5
Published
2021-02-15 16:08
Modified
2024-11-19 15:32
Severity ?
Summary
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors
Impacted products
Vendor Product Version
n/a dbus-1.12.x stable branch Version: <= 1.12.18 (Fixed: >= 1.12.20)
n/a dbus-1.10.x and older branches (EOL) Version: <= 1.10.30 (Fixed: 1.10.32)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/755392"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-35512",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:31:25.634957Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T15:32:44.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "D-Bus Development branch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
            }
          ]
        },
        {
          "product": "dbus-1.12.x stable branch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
            }
          ]
        },
        {
          "product": "dbus-1.10.x and older branches (EOL)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.10.30 (Fixed: 1.10.32)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-After-Free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-08T20:46:11",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/755392"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "D-Bus Development branch",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.13.16 (Fixed: \u003e= 1.13.18)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "dbus-1.12.x stable branch",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.12.18 (Fixed: \u003e= 1.12.20)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "dbus-1.10.x and older branches (EOL)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.10.30 (Fixed: 1.10.32)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-After-Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.gentoo.org/755392",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/755392"
            },
            {
              "name": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128",
              "refsource": "MISC",
              "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909101"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2020-35512",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2020-35512"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35512",
    "datePublished": "2021-02-15T16:08:39",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-11-19T15:32:44.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-35512\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-02-15T17:15:12.993\",\"lastModified\":\"2024-11-21T05:27:28.203\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free flaw was found in D-Bus Development branch \u003c= 1.13.16, dbus-1.12.x stable branch \u003c= 1.12.18, and dbus-1.10.x and older branches \u003c= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo de uso de la memoria previamente liberada D-Bus rama de desarrollo versiones iguales o anteriores a 1.13.16, dbus-1.12.x rama estable versiones iguales o anteriores a 1.12.18, y dbus-1.10.x y ramas anteriores versiones iguales o anteriores a 1.10.30 cuando un sistema tiene m\u00faltiples nombres de usuario que comparten el mismo UID. Cuando un conjunto de reglas de pol\u00edtica hace referencia a estos nombres de usuario, D-Bus puede liberar algo de memoria en la pila, que sigue siendo utilizada por las estructuras de datos necesarias para los otros nombres de usuario que comparten el UID, lo que puede provocar un fallo u otros comportamientos indefinidos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freedesktop:dbus:1.12.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D03731AA-A978-47F1-AE31-4873554468E8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://bugs.gentoo.org/755392\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1909101\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2020-35512\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugs.gentoo.org/755392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1909101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2020-35512\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.