CVE-2023-3297 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2023-3297

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

Published: Sep 1, 2023
Updated: Sep 8, 2023
CVE: CVE-2023-3297
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
canonical / accountsservice	-	23.13.9-2ubuntu2
canonical / accountsservice	-	22.08.8-1ubuntu7.1
canonical / accountsservice	-	22.07.5-2ubuntu1.4
canonical / accountsservice	-	0.6.55-0ubuntu12\~20.04.6
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	22.04	22.04.x
canonical / ubuntu_linux	22.10	22.10.x
canonical / ubuntu_linux	23.04	23.04.x