DEBIAN-CVE-2020-1712

DEBIAN-CVE-2020-1712 PUBLISHED CVSS 7.800000190734863 HIGH

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	systemd	0, 0, 0
Debian:11	systemd	0, 0, 0
Debian:13	systemd	0, 0, 0
Debian:12	systemd	0, 0, 0

Timeline

Mar 31, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-1712 advisory

Open in Interactive Console →