Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-9806

Опубликовано: 10 июл. 2020
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

A flaw was found in webkit gtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. A memory corruption issue could allow processing of maliciously crafted web content that could lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Will not fix
Red Hat Enterprise Linux 7webkitgtk4Will not fix
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2020:445104.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1879563webkitgtk: Memory corruption may lead to arbitrary code execution

EPSS

Процентиль: 53%
0.003
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-9806

CVSS3: 8.8
ubuntu
около 5 лет назад

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

nvd логотип

CVE-2020-9806

CVSS3: 8.8
nvd
около 5 лет назад

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

debian логотип

CVE-2020-9806

CVSS3: 8.8
debian
около 5 лет назад

A memory corruption issue was addressed with improved state management ...

github логотип

GHSA-6m96-8rvh-6274

github
около 3 лет назад

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

fstec логотип

BDU:2022-00559

CVSS3: 8.8
fstec
около 5 лет назад

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit операционных систем Apple iPadOS, watchOS, iOS, tvOS, браузера Safari, мультимедийного проигрывателя iTunes и сервиса iCloud для операционных систем Windows, позволяющая нарушителю выполнить произвольный код в целевой системе

EPSS

Процентиль: 53%
0.003
Низкий

8.8 High

CVSS3