← Back

CVE-2020-15710

nvd nist
Published: Nov 19, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 1.8 / Impact: 4.2
Source: NVD

Description

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

Affected (16)

Pulseaudio Project
1 product
Pulseaudio
Configuration A
16 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pulseaudio Project
Pulseaudio
Version 1\ 8.0-0ubuntu1
Pulseaudio
Version 1\ 8.0-0ubuntu2
Pulseaudio
Version 1\ 8.0-0ubuntu3.10
Pulseaudio
Version 1\ 8.0-0ubuntu3.11
Pulseaudio
Version 1\ 8.0-0ubuntu3.12
Pulseaudio
Version 1\ 8.0-0ubuntu3.1
Pulseaudio
Version 1\ 8.0-0ubuntu3.2
Pulseaudio
Version 1\ 8.0-0ubuntu3.3
Pulseaudio
Version 1\ 8.0-0ubuntu3.4
Pulseaudio
Version 1\ 8.0-0ubuntu3.5
Pulseaudio
Version 1\ 8.0-0ubuntu3.6
Pulseaudio
Version 1\ 8.0-0ubuntu3.7
Pulseaudio
Version 1\ 8.0-0ubuntu3.8
Pulseaudio
Version 1\ 8.0-0ubuntu3.9
Pulseaudio
Version 1\ 8.0-0ubuntu3
Pulseaudio
Version 1\ 8.0-0ubuntu4
Running on/withPlatform Versions
Canonical
Ubuntu Linux
Version 16.04

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

Source: security@ubuntu.com
Issue TrackingThird Party Advisory
Source: security@ubuntu.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.