CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3939

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.0%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

Products affected by CVE-2021-3939

Canonical » Accountsservice » Version: 0.6.55-0ubuntu12~20.04

cpe:2.3:a:canonical:accountsservice:0.6.55-0ubuntu12~20.04
Canonical » Accountsservice » Version: 0.6.55-0ubuntu12~20.04.6

cpe:2.3:a:canonical:accountsservice:0.6.55-0ubuntu12~20.04.6
Canonical » Accountsservice » Version: 0.6.55-0ubuntu13

cpe:2.3:a:canonical:accountsservice:0.6.55-0ubuntu13
Canonical » Accountsservice » Version: 0.6.55-0ubuntu14

cpe:2.3:a:canonical:accountsservice:0.6.55-0ubuntu14
Canonical » Ubuntu Linux » Version: 20.04

cpe:2.3:o:canonical:ubuntu_linux:20.04
Canonical » Ubuntu Linux » Version: 21.04

cpe:2.3:o:canonical:ubuntu_linux:21.04
Canonical » Ubuntu Linux » Version: 21.10

cpe:2.3:o:canonical:ubuntu_linux:21.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3939

Products

Pricing

Contact Us