7.8
CVE-2021-3939
- EPSS 0.15%
- Veröffentlicht 17.11.2021 04:15:06
- Zuletzt bearbeitet 21.11.2024 06:22:49
- Quelle security@ubuntu.com
- Teams Watchlist Login
- Unerledigt Login
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Accountsservice Version >= 0.6.55-0ubuntu12\~20.04 < 0.6.55-0ubuntu12\~20.05
Canonical ≫ Accountsservice Version >= 0.6.55-0ubuntu13 < 0.6.55-0ubuntu13.3
Canonical ≫ Accountsservice Version >= 0.6.55-0ubuntu14 < 0.6.55-0ubuntu14.1
Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version21.04
Canonical ≫ Ubuntu Linux Version21.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.363 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| security@ubuntu.com | 7.8 | 1.1 | 6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-590 Free of Memory not on the Heap
The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().
CWE-763 Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.