CVEs-PoC/2020/CVE-2020-35512.md

### [CVE-2020-35512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35512)
![](https://img.shields.io/static/v1?label=Product&message=D-Bus%20Development%20branch&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=dbus-1.10.x%20and%20older%20branches%20(EOL)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=dbus-1.12.x%20stable%20branch&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use-After-Free&color=brighgreen)

### Description

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fokypoky/places-list