CVE-2020-35512 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1573	dbus	1.12.18-1	1.12.20-1	Medium	Fixed

References
https://bugs.gentoo.org/show_bug.cgi?id=755392 https://lists.freedesktop.org/archives/ftp-release/2020-July/000758.html https://github.com/freedesktop/dbus/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60

References

https://bugs.gentoo.org/show_bug.cgi?id=755392
https://lists.freedesktop.org/archives/ftp-release/2020-July/000758.html
https://github.com/freedesktop/dbus/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60