CVE-2020-15710 — Double Free in Pulseaudio

CWE-415 — Double Free7 documents6 sources

Severity

6.1MEDIUMNVD

CNA5.3

EPSS

0.0%

top 90.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Pulseaudio Pulseaudio Pulseaudio Project Pulseaudio

Timeline

PublishedNov 19

Latest updateMay 24

Description

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:HExploitability: 1.8 | Impact: 4.2

Affected Packages3 packages

▶CVEListV5canonical/pulseaudio1:8.0 — 1:8.0-0ubuntu3.14

▶Ubuntupulseaudio/pulseaudio< 1:8.0-0ubuntu3.14

▶NVDpulseaudio_project/pulseaudio1\

🔴Vulnerability Details

GHSA

GHSA-87cm-47xv-j472: Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program↗2022-05-24

▶

CVEList

Potential double-free in pulseaudio↗2020-11-19

▶

OSV

pulseaudio vulnerability↗2020-09-17

▶

OSV

CVE-2020-15710: Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program↗2020-09-17

▶

📋Vendor Advisories

Ubuntu

PulseAudio vulnerability↗2020-09-17

▶

Debian

CVE-2020-15710: pulseaudio - Potential double free in Bluez 5 module of PulseAudio could allow a local attack...↗2020

▶