CVE-2020-12049 in FreeDesktop and Canonical Products
Published on June 8, 2020
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
Products Associated with CVE-2020-12049
stack.watch emails you whenever new vulnerabilities are published in FreeDesktop Dbus or Canonical Ubuntu Linux. Just hit a watch button to start following.
Exploit Probability
EPSS
0.09%
Percentile
25.92%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.