VDB

CVE-2020-35512

CVE-2020-35512 PUBLISHED

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

EPSS 0.03% · 10.4th percentile

Risk Scores

EPSS Score
0.03%
10.4th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:16.04:LTSdbus1.10.6-1ubuntu3.6, 1.10.6-1ubuntu3.5, 1.10.6-1ubuntu3.4
Ubuntu:Pro:14.04:LTSdbus1.6.18-0ubuntu1, 1.6.18-0ubuntu2, 1.6.12-0ubuntu10
Ubuntu:20.04:LTSdbus1.12.16-2ubuntu2, 1.12.16-2ubuntu1, 1.12.16-2ubuntu2.1
Ubuntu:18.04:LTSdbus1.12.0-1ubuntu1, 0, 1.10.22-1ubuntu1

Timeline

  • Feb 15, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›