SB2020060369 - Memory leak in dbus (Alpine package)
Published: June 3, 2020
Security Bulletin ID
SB2020060369
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2020-12049)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in libdbus when a message exceeds the per-message file descriptor limit. A local user with access to the D-Bus system bus or another system service's private AF_UNIX socket can make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=ad543f975b5702508d7fd407a90fe969f6615166
- https://git.alpinelinux.org/aports/commit/?id=2e63f747fe1e60480c416caab757d16e9c4765e7
- https://git.alpinelinux.org/aports/commit/?id=b1f51586c78b6c75de117e134bef3777d3aad447
- https://git.alpinelinux.org/aports/commit/?id=0c97df9e8787e643de194cf7e977a68467428793
- https://git.alpinelinux.org/aports/commit/?id=9b4acf3c4bd6232498f253edb91cac9d933cede4