CVE-2019-20386

CWE-401Memory LeakCWE-772CWE-400Uncontrolled Resource Consumption11 documents9 sources
Severity
2.4LOW
EPSS
0.2%
top 64.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Systemd Project SystemdCanonical Ubuntu LinuxFedoraproject Fedora+1 more
Timeline
PublishedJan 21
Latest updateMay 24

Description

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 0.9 | Impact: 1.4

Affected Packages4 packages

Debiansystemd< 243-5+3
Ubuntusystemd< 229-4ubuntu21.27+1
NVDopensuse/leap15.1

Also affects: Fedora 30, Ubuntu Linux 16.04, 18.04, 19.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-v2g8-4fgq-7rhx: An issue was discovered in button_open in login/logind-button2022-05-24
OSV
systemd vulnerabilities2020-02-05
OSV
CVE-2019-20386: An issue was discovered in button_open in login/logind-button2020-01-21
CVEList
CVE-2019-20386: An issue was discovered in button_open in login/logind-button2020-01-21

📋Vendor Advisories

4
Ubuntu
systemd vulnerabilities2020-02-05
Red Hat
systemd: memory leak in button_open() in login/logind-button.c when udev events are received2020-01-22
Microsoft
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command a memory leak may occur.2020-01-14
Debian
CVE-2019-20386: systemd - An issue was discovered in button_open in login/logind-button.c in systemd befor...2019

💬Community

2
Bugzilla
CVE-2019-20386 systemd: memory leak in button_open() in login/logind-button.c when udev events are received2020-01-22
Bugzilla
CVE-2019-20386 systemd: a memory leak was discovered in button_open in login/logind-button.c when executing the udevadm trigger command [fedora-30]2020-01-22