CVE-2020-35512 - log

CVE-2020-35512 edited at 15 Feb 2021 18:00:16
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.
References
+ https://bugs.gentoo.org/show_bug.cgi?id=755392
+ https://lists.freedesktop.org/archives/ftp-release/2020-July/000758.html
+ https://github.com/freedesktop/dbus/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60
Notes
CVE-2020-35512 created at 15 Feb 2021 17:57:35