CVE-2020-12049

CWE-404CWE-400Uncontrolled Resource Consumption9 documents7 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 74.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Freedesktop DbusCanonical Ubuntu Linux
Timeline
PublishedJun 8
Latest updateJun 19

Description

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDfreedesktop/dbus1.3.01.12.18
Debiandbus< 1.12.18-1+3

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10, 20.04

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
CVEList
CVE-2020-12049: An issue was discovered in dbus >= 12020-06-08
OSV
CVE-2020-12049: An issue was discovered in dbus >= 12020-06-08

📋Vendor Advisories

4
Ubuntu
DBus vulnerability2020-06-16
Ubuntu
DBus vulnerability2020-06-16
Red Hat
dbus: denial of service via file descriptor leak2020-06-04
Debian
CVE-2020-12049: dbus - An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdb...2020

💬Community

2
Bugzilla
CVE-2020-12049 dbus: denial of service via file descriptor leak [fedora-all]2020-06-19
Bugzilla
CVE-2020-12049 dbus: denial of service via file descriptor leak2020-06-19
CVE-2020-12049 (MEDIUM CVSS 5.5) | An issue was discovered in dbus >= | cvebase.io