CVE-2020-13584
Published on: 12/03/2020 12:00:00 AM UTC
Last Modified on: 08/06/2022 03:49:00 AM UTC
Certain versions of Fedora from Fedoraproject contain the following vulnerability:
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.
- CVE-2020-13584 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
TALOS-2020-1195 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence | Exploit Technical Description Third Party Advisory talosintelligence.com text/html |
![]() |
[SECURITY] Fedora 32 Update: webkit2gtk3-2.30.3-1.fc32 - package-announce - Fedora Mailing-Lists | Mailing List Third Party Advisory lists.fedoraproject.org text/html |
![]() |
WebkitGTK+: Multiple vulnerabilities (GLSA 202012-10) — Gentoo security | security.gentoo.org text/html |
![]() |
Related QID Numbers
- 159189 Oracle Enterprise Linux Security Update for GNOME (ELSA-2021-1586)
- 239335 Red Hat Update for GNOME (RHSA-2021:1586)
- 501709 Alpine Linux Security Update for webkit2gtk
- 750475 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2020:2310-1)
- 750476 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2020:2304-1)
- 750655 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2021:1990-1)
- 940249 AlmaLinux Security Update for GNOME (ALSA-2021:1586)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Fedoraproject | Fedora | 32 | All | All | All |
Operating System | Fedoraproject | Fedora | 32 | All | All | All |
Application | Webkitgtk | Webkitgtk | 2.30.1 | All | All | All |
Application | Webkitgtk | Webkitgtk | 2.30.1 | All | All | All |
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*:
- cpe:2.3:a:webkitgtk:webkitgtk:2.30.1:*:*:*:*:*:x64:*:
- cpe:2.3:a:webkitgtk:webkitgtk:2.30.1:*:*:*:*:*:x64:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|