Unrated severityNVD Advisory· Published Jun 8, 2020· Updated Aug 4, 2024

CVE-2020-12049

Description

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

dbus/dbusdescription
Xorg/Dbusllm-fuzzy
Range: >=1.3.0, <1.12.18
osv-coords44 versions
pkg:rpm/opensuse/dbus-1&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/dbus-1&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/dbus-1&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/dbus-1-x11&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/dbus-1-x11&distro=openSUSE%20Leap%2015.3 pkg:rpm/suse/dbus-1&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/dbus-1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/dbus-1&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/dbus-1&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/dbus-1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/dbus-1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/dbus-1-x11&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/dbus-1-x11&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.12.2-lp152.6.6.1+ 43 more
- (no CPE)range: < 1.12.2-lp152.6.6.1
- (no CPE)range: < 1.12.2-8.11.2
- (no CPE)range: < 1.12.20-5.5
- (no CPE)range: < 1.12.2-lp152.6.6.1
- (no CPE)range: < 1.12.2-8.11.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.12.2-8.11.2
- (no CPE)range: < 1.12.2-8.11.2
- (no CPE)range: < 1.12.2-8.11.2
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-35.2
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-35.2
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.8.22-35.2
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.12.2-8.11.1
- (no CPE)range: < 1.12.2-8.11.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-35.2
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-35.2
- (no CPE)range: < 1.12.2-3.16.1
- (no CPE)range: < 1.8.22-35.2
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1
- (no CPE)range: < 1.8.22-29.21.1

Patches

Vulnerability mechanics

References

security.gentoo.org/glsa/202007-46mitrevendor-advisory
usn.ubuntu.com/4398-1/mitrevendor-advisory
usn.ubuntu.com/4398-2/mitrevendor-advisory
packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.htmlmitre
www.openwall.com/lists/oss-security/2020/06/04/3mitre
gitlab.freedesktop.org/dbus/dbus/-/issues/294mitre
gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.10.30mitre
gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.12.18mitre
gitlab.freedesktop.org/dbus/dbus/-/tags/dbus-1.13.16mitre
securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leakmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000