{"id":"CVE-2020-1712","details":"A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.","modified":"2026-04-16T04:39:24.707337243Z","published":"2020-03-31T17:15:26.577Z","related":["CGA-hmqq-hf7f-vfvx","SUSE-RU-2020:0793-1","SUSE-SU-2020:0331-1","SUSE-SU-2020:0335-1","SUSE-SU-2020:0353-1","openSUSE-SU-2020:0208-1","openSUSE-SU-2024:11420-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712"},{"type":"FIX","url":"https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54"},{"type":"FIX","url":"https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb"},{"type":"FIX","url":"https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d"},{"type":"FIX","url":"https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2020/02/05/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/systemd/systemd","events":[{"introduced":"0"},{"last_affected":"db9c5ae73e23d816e2df2a3e10a9a2a60b5b3ed7"},{"fixed":"1068447e6954dc6ce52f099ed174c442cb89ed54"},{"fixed":"637486261528e8aa3da9f26a4487dc254f4b7abb"},{"fixed":"bc130b6858327b382b07b3985cf48e2aa9016b2d"},{"fixed":"ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"244"}]}}],"versions":["v1","v10","v11","v12","v13","v14","v15","v16","v17","v18","v183","v184","v185","v186","v187","v188","v189","v19","v190","v191","v192","v193","v194","v195","v196","v197","v198","v199","v2","v20","v200","v201","v202","v203","v204","v205","v206","v207","v208","v209","v21","v210","v211","v212","v213","v214","v215","v216","v217","v218","v219","v22","v220","v221","v222","v223","v224","v225","v226","v227","v228","v229","v23","v230","v231","v232","v233","v234","v235","v236","v237","v238","v239","v24","v240","v241","v241-rc1","v241-rc2","v242","v242-rc1","v242-rc2","v242-rc3","v242-rc4","v243","v243-rc1","v243-rc2","v244","v244-rc1","v25","v26","v27","v28","v29","v3","v30","v31","v32","v33","v34","v35","v36","v37","v38","v39","v4","v40","v41","v42","v43","v44","v5","v6","v7","v8","v9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1712.json","vanir_signatures_modified":"2026-04-11T12:40:04Z","vanir_signatures":[{"source":"https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb","signature_type":"Function","digest":{"length":339,"function_hash":"249541810590335694009610159207201220281"},"deprecated":false,"signature_version":"v1","id":"CVE-2020-1712-083dfb5f","target":{"file":"src/shared/bus-polkit.c","function":"async_polkit_query_free"}},{"source":"https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb","digest":{"length":2874,"function_hash":"74549539480005360539949729723206989023"},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2020-1712-7c69b8e3","target":{"file":"src/shared/bus-polkit.c","function":"bus_verify_polkit_async"}},{"source":"https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54","digest":{"line_hashes":["201651851398158219089139026364454349753","9987944486027707297738265898816304116","192221843579112265559191630782876604232","72822982747573861780012777657069221814"],"threshold":0.9},"signature_type":"Line","id":"CVE-2020-1712-8dfe3500","deprecated":false,"signature_version":"v1","target":{"file":"src/systemd/sd-bus.h"}},{"target":{"file":"src/shared/bus-polkit.c","function":"async_polkit_callback"},"signature_type":"Function","digest":{"length":572,"function_hash":"191952696935465987918037642341044558598"},"source":"https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb","signature_version":"v1","id":"CVE-2020-1712-c78bba3e","deprecated":false},{"source":"https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb","signature_type":"Line","digest":{"line_hashes":["97053741425443050450208921739222569203","303460527606453710252220666868808145400","18219807215661718443382219123539589712","60261091367737920122821757682504535056","86264706304329535586929432165729739622","337390672199881346205475444548683382521","152562335154503867169907437275077137083","84211952852498673684248562065377075652","324726152797087188705084363045825558251","325970457268498492598214286673190530565","202566744084947735033800918550045650693","194309138071813940665718909269028112190","188997586095725752447519276072764071862","293185299188085331962123844476277735666","320138298323880858161113515815715150458","170379373050637717031754180073892094889","29309665073518276997283992467703573698","165225009145589773428426232127941023680","12321488664809828297015490366106267649","172883744573346081802393080925107117215","75285956263270984207625071252672351081","315481932615129614536008509789990866994","264579120630678275163303016554424061509","234214297483417905214744801498590492828","286908870466118591068503739348901791428","110910070697038590601846380901570703937","147634743858309359957750709512817985592","162589724996563957724767291619418661351","16959055153679824806685267226897867923","76055295512511461434023416680211844859","38713159073670226927111661739781666952","189612858139979274090890865335185172413","154430203011226137819958604224372838126","75389190473008594185108810388326130324","63132286548534368094653651953345052127","294940776886412801592379028783519818267","102301407515608068841865372922431621910","328716495739662205636254361842872047961","196405144638830216506361432807297143715","93356589517045076911522842971448963126","78433439633613489244827728211361246118","205368781931337343468642178564182860212","184223870634894539720575251196499487422","145323608060584930670486582064995568406","43700365621748513773381156876425890970","340123359266940267596657940112607734072","268992061929188121712297464734694520667","30256143953995422663035365047298676842","155909894963427971346953495920941861395","125229967853273817950243613133490540349","244837636105294919696140145482111912276","87390459365384605435053796704959503040","141682537757708057625738963301879324175","25716083193282531004342174123650260090"],"threshold":0.9},"signature_version":"v1","deprecated":false,"id":"CVE-2020-1712-d35a0e1f","target":{"file":"src/shared/bus-polkit.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}