Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-6405

Опубликовано: 16 янв. 2020
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

An out-of-bounds read vulnerability was found in the SQLite component of the Chromium browser. A remote attacker could abuse this flaw to obtain potentially sensitive information from process memory via a crafted HTML page. The highest threat from this vulnerability is to data confidentiality.

Отчет

This flaw did not affect the versions of SQLite as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the WHERE-clause constant propagation optimization, which was introduced in a later version of the package.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sqliteNot affected
Red Hat Enterprise Linux 6sqliteNot affected
Red Hat Enterprise Linux 7sqliteNot affected
Red Hat Enterprise Linux 6 Supplementarychromium-browserFixedRHSA-2020:051417.02.2020
Red Hat Enterprise Linux 8sqliteFixedRHSA-2020:444204.11.2020
Red Hat Enterprise Linux 8sqliteFixedRHSA-2020:444204.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1801181sqlite: Out-of-bounds read in SELECT with ON/USING clause

EPSS

Процентиль: 71%
0.00691
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-6405

CVSS3: 6.5
ubuntu
больше 5 лет назад

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

nvd логотип

CVE-2020-6405

CVSS3: 6.5
nvd
больше 5 лет назад

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

debian логотип

CVE-2020-6405

CVSS3: 6.5
debian
больше 5 лет назад

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...

github логотип

GHSA-q7xq-9xwf-v39q

github
больше 3 лет назад

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

fstec логотип

BDU:2020-01506

CVSS3: 6.5
fstec
больше 5 лет назад

Уязвимость компонента SQLite браузера Google Chrome, связанная с чтением за границами буфера, позволяющая нарушителю получить несанкционированный доступ к информации

EPSS

Процентиль: 71%
0.00691
Низкий

6.5 Medium

CVSS3