Vulnerability CVE-2020-35512

Vulnerability Name:

CVE-2020-35512 (CCN-197051)

Assigned:

2020-11-28

Published:

2020-11-28

Updated:

2021-03-08

Summary:

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-35512

Source: CCN
Type: Gentoo's Bugzilla Bug 755392
(CVE-2020-35512) -

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugs.gentoo.org/755392

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1909101

Source: XF
Type: UNKNOWN
dbus-cve202035512-dos(197051)

Source: MISC
Type: UNKNOWN
https://gitlab.freedesktop.org/dbus/dbus/-/issues/305#note_829128

Source: CCN
Type: Freedesktop Web site
[Ftp-release] Announcing dbus 1.12.20 security update

Source: MISC
Type: UNKNOWN
https://security-tracker.debian.org/tracker/CVE-2020-35512

Vulnerable Configuration:

Configuration 1:

cpe:/a:d-bus_project:d-bus:1.12.20:*:*:*:*:*:*:*

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:d-bus_project:d-bus:1.12.20:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7479	P	dbus-1-1.12.2-150400.18.5.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51932	P	Security update for colord (Moderate)	2022-10-04
oval:org.opensuse.security:def:739	P	Security update for icu (Moderate)	2022-09-07
oval:org.opensuse.security:def:95313	P	Security update for webkit2gtk3 (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:3640	P	Security update for ceph (Important) (in QA)	2022-07-15
oval:org.opensuse.security:def:6087	P	Security update for dpdk (Important)	2022-07-05
oval:org.opensuse.security:def:3454	P	colord-gtk-lang-0.1.26-6.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94566	P	gmp-devel-6.1.2-4.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94535	P	dbus-1-1.12.2-150400.16.52 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2905	P	dbus-1-1.12.2-150400.16.52 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:99501	P	(Moderate)	2022-03-15
oval:org.opensuse.security:def:102026	P	Security update for the Linux Kernel (Important)	2022-03-08
oval:org.opensuse.security:def:99700	P	(Important)	2021-12-06
oval:org.opensuse.security:def:100008	P	(Moderate)	2021-10-27
oval:org.opensuse.security:def:93101	P	(Important)	2021-08-17
oval:org.opensuse.security:def:101279	P	libpcp-devel-4.3.1-3.11.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:87435	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:125577	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:32971	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:58794	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:89428	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:85703	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:31239	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:57062	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:88164	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:126746	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:33692	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:23639	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:59515	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:86124	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:31660	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:57483	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:88478	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:84186	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:127143	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:33950	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:23944	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:59773	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:51627	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:86622	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:32158	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:57981	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:89170	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:84645	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:34490	P	Security update for dbus-1 (Important)	2021-07-21
oval:org.opensuse.security:def:26093	P	Security update for dbus-1 (Important)	2021-07-21
oval:org.opensuse.security:def:60313	P	Security update for dbus-1 (Important)	2021-07-21
oval:org.opensuse.security:def:5080	P	Security update for dbus-1 (Important)	2021-07-21
oval:org.opensuse.security:def:110970	P	Security update for dbus-1 (Important)	2021-07-19
oval:org.opensuse.security:def:8999	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:92750	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:42099	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:69891	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:99657	P	(Important)	2021-07-12
oval:org.opensuse.security:def:99302	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:92160	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:101470	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:67176	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:108692	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:75922	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:92948	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:99971	P	(Important)	2021-07-12
oval:org.opensuse.security:def:64543	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:10302	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:92352	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:98915	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:76244	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:9552	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:70442	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:100307	P	(Important)	2021-07-12
oval:org.opensuse.security:def:64729	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:111615	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:73665	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:8804	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:92551	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:69692	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:99394	P	(Important)	2021-07-12
oval:org.opensuse.security:def:99110	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:9751	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:93254	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:117460	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:5765	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:91965	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:100635	P	(Important)	2021-07-12
oval:org.opensuse.security:def:66854	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:107945	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:73851	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:97149	P	Security update for dbus-1 (Important)	2021-06-30
oval:org.opensuse.security:def:10114	P	Security update for dbus-1 (Important)	2021-06-30
oval:org.opensuse.security:def:9360	P	Security update for dbus-1 (Important)	2021-06-30
oval:org.opensuse.security:def:70254	P	Security update for dbus-1 (Important)	2021-06-30
oval:org.opensuse.security:def:8616	P	Security update for dbus-1 (Important)	2021-06-30
oval:org.opensuse.security:def:69500	P	Security update for dbus-1 (Important)	2021-06-30

BACK