CVE-2020-1712

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1712

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1712.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1712

Related

Published

2020-03-31T17:15:26Z

Modified

2024-09-18T03:09:05.723465Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

References

Affected packages

Debian:11 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

244.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

244.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

244.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/systemd/systemd

Affected ranges

Type: GIT
Repo: https://github.com/systemd/systemd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1068447e6954dc6ce52f099ed174c442cb89ed54

Fixed

637486261528e8aa3da9f26a4487dc254f4b7abb

Fixed

bc130b6858327b382b07b3985cf48e2aa9016b2d

Fixed

ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2

Affected versions

Other

001

002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

042

043

044

045

046

047

048

049

050

051

052

053

054

055

056

057

058

059

060

061

062

064

174

175

176

177

178

179

180

181

182

v10

v11

v12

v13

v14

v15

v16

v17

v18

v183

v184

v185

v186

v187

v188

v189

v19

v190

v191

v192

v193

v194

v195

v196

v197

v198

v199

v20

v200

v201

v202

v203

v204

v205

v206

v207

v208

v209

v21

v210

v211

v212

v213

v214

v215

v216

v217

v218

v219

v22

v220

v221

v222

v223

v224

v225

v226

v227

v228

v229

v23

v230

v231

v232

v233

v234

v235

v236

v237

v238

v239

v24

v240

v241

v241-rc1

v241-rc2

v242

v242-rc1

v242-rc2

v242-rc3

v242-rc4

v243

v243-rc1

v243-rc2

v244

v244-rc1

v25

v26

v27

v28

v29

v30

v31

v32

v33

v34

v35

v36

v37

v38

v39

v40

v41

v42

v43

v44

v243.*

v243.1