CVE-2020-16127

Summary

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.

Affected Software

VendorProductVersion RangeStatus
Freedesktopaccountsservice0.6.35-0ubuntu7.3 < 0.6.35-0ubuntu7.3+esm2affected
Freedesktopaccountsservice0.6.40-2ubuntu11 < 0.6.40-2ubuntu11.6affected
Freedesktopaccountsservice0.6.45-1ubuntu1 < 0.6.45-1ubuntu1.3affected
Freedesktopaccountsservice0.6.55-0ubuntu < 0.6.55-0ubuntu12~20.04.4affected
Freedesktopaccountsservice0.6.55-0ubuntu13 < 0.6.55-0ubuntu13.2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References