VulnerableCode Package Details - pkg:alpm/archlinux/dbus@1.12.18-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-vqkm-aqvg-aaaj Aliases: CVE-2020-35512	A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors	1.12.20-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-vqkm-aqvg-aaaj
Aliases:
CVE-2020-35512

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

1.12.20-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-36vh-mccp-aaag	An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.	CVE-2020-12049

Vulnerability

Summary

Aliases

VCID-36vh-mccp-aaag

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

CVE-2020-12049

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:47:05.808026+00:00	Arch Linux Importer	Fixing	VCID-36vh-mccp-aaag	https://security.archlinux.org/AVG-1183	36.0.0
2025-03-28T07:46:44.409168+00:00	Arch Linux Importer	Affected by	VCID-vqkm-aqvg-aaaj	https://security.archlinux.org/AVG-1573	36.0.0
2024-12-17T23:22:08.068928+00:00	Arch Linux Importer	Fixing	VCID-36vh-mccp-aaag	https://security.archlinux.org/AVG-1183	35.0.0
2024-09-18T02:02:29.433788+00:00	Arch Linux Importer	Fixing	VCID-36vh-mccp-aaag	https://security.archlinux.org/AVG-1183	34.0.1
2024-09-18T02:02:05.276940+00:00	Arch Linux Importer	Affected by	VCID-vqkm-aqvg-aaaj	https://security.archlinux.org/AVG-1573	34.0.1
2024-01-03T22:28:30.189666+00:00	Arch Linux Importer	Fixing	VCID-36vh-mccp-aaag	https://security.archlinux.org/AVG-1183	34.0.0rc1
2024-01-03T22:28:07.775313+00:00	Arch Linux Importer	Affected by	VCID-vqkm-aqvg-aaaj	https://security.archlinux.org/AVG-1573	34.0.0rc1