CVE-2020-12049

CVE	CVE-2020-12049
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-06-08 17:15:00 UTC
Updated	2023-06-12 07:15:00 UTC
Description	An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

Problem Types: CWE-404

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.10	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.10	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Application	Freedesktop	Dbus	All	All	All	All
Application	Freedesktop	Dbus	All	All	All	All

Reference	Source	Link	Tags
D-Bus: Denial of service (GLSA 202007-46) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
dbus-1.13.16 · Tags · dbus / dbus · GitLab	MISC	gitlab.freedesktop.org	Third Party Advisory
dbus-1.12.18 · Tags · dbus / dbus · GitLab	MISC	gitlab.freedesktop.org	Third Party Advisory
dbus-1.10.30 · Tags · dbus / dbus · GitLab	MISC	gitlab.freedesktop.org	Third Party Advisory
USN-4398-1: DBus vulnerability \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
CVE-2020-12049: File descriptor leak in _dbus_read_socket_with_unix_fds (#294) · Issues · dbus / dbus · GitLab	MISC	gitlab.freedesktop.org	Exploit, Third Party Advisory
USN-4398-2: DBus vulnerability \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
D-Bus File Descriptor Leak Denial Of Service ≈ Packet Storm	MISC	packetstormsecurity.com
oss-security - CVE-2020-12049: dbus: denial of service via file descriptor leak	CONFIRM	www.openwall.com	Mailing List, Patch, Third Party Advisory
GHSL-2020-057: dbus file descriptor leak (DoS) - CVE-2020-12049 - GitHub Security Lab	MISC	securitylab.github.com	Exploit, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

296071 Oracle Solaris 11.4 Support Repository Update (SRU) 27.82.1 Missing (CPUOCT2020)
354106 Amazon Linux Security Advisory for dbus : ALAS2-2022-1870
375777 F5 BIG-IP Application Security Manager(ASM), Local Traffic Manager(LTM),Access Policy Manager(APM) D-Bus Vulnerability (K16729408)
377017 Alibaba Cloud Linux Security Update for dbus (ALINUX2-SA-2020:0105)
377142 Alibaba Cloud Linux Security Update for dbus (ALINUX3-SA-2022:0097)
500144 Alpine Linux Security Update for dbus
503794 Alpine Linux Security Update for dbus
6140259 AWS Bottlerocket Security Update for dbus (GHSA-v99w-84vx-mgw6)
750870 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2021:2424-1)
750895 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2021:2470-1)
750909 SUSE Enterprise Linux Security Update for dbus-1 (SUSE-SU-2021:2590-1)
751004 OpenSUSE Security Update for dbus-1 (openSUSE-SU-2021:2810-1)
751052 OpenSUSE Security Update for dbus-1 (openSUSE-SU-2021:1204-1)