{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3939","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","dateUpdated":"2024-09-16T18:02:58.362Z","dateReserved":"2021-11-09T00:00:00.000Z","datePublished":"2021-11-17T03:15:10.949Z"},"containers":{"cna":{"title":"Free of static data in accountsservice","datePublic":"2021-11-16T00:00:00.000Z","providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2023-06-12T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1."}],"affected":[{"vendor":"Ubuntu","product":"accountsservice","versions":[{"version":"0.6.55-0ubuntu12~20.04","status":"affected","lessThan":"0.6.55-0ubuntu12~20.04.5","versionType":"custom"},{"version":"0.6.55-0ubuntu13","status":"affected","lessThan":"0.6.55-0ubuntu13.3","versionType":"custom"},{"version":"0.6.55-0ubuntu14","status":"affected","lessThan":"0.6.55-0ubuntu14.1","versionType":"custom"}]}],"references":[{"url":"https://ubuntu.com/security/notices/USN-5149-1"},{"url":"https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149"},{"url":"http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html"}],"credits":[{"lang":"en","value":"Kevin Backhouse"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-590 Free of Memory not on the Heap","cweId":"CWE-590"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"USN-5149-1","defect":["https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149"],"discovery":"EXTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:09:09.693Z"},"title":"CVE Program Container","references":[{"url":"https://ubuntu.com/security/notices/USN-5149-1","tags":["x_transferred"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149","tags":["x_transferred"]},{"url":"http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html","tags":["x_transferred"]}]}]}}