CVE-2020-15710

EPSS 0.03%
Veröffentlicht 19.11.2020 03:15:12
Zuletzt bearbeitet 21.11.2024 05:06:04
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu1

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu2

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.1

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.2

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.3

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.4

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.5

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.6

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.7

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.8

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.9

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.10

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.11

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu3.12

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Pulseaudio Project ≫ Pulseaudio Version1:8.0-0ubuntu4

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.082

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:N/A:P
security@ubuntu.com	5.3	1	4.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://launchpad.net/bugs/1884738

Third Party Advisory

Issue Tracking

https://ubuntu.com/USN-4519-1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15710

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15710

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15710

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-15710