---

CVE-2020-35512 - log back

CVE-2020-35512 edited at 15 Feb 2021 18:00:16
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ A use-after-free flaw was found in D-Bus before version 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.
References	+ https://bugs.gentoo.org/show_bug.cgi?id=755392 + https://lists.freedesktop.org/archives/ftp-release/2020-July/000758.html + https://github.com/freedesktop/dbus/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60
Notes

CVE-2020-35512 created at 15 Feb 2021 17:57:35