Vulnerability Details : CVE-2020-15969
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Vulnerability category: Memory Corruption
Products affected by CVE-2020-15969
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15969
3.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15969
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-15969
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-15969
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/
[SECURITY] Fedora 31 Update: chromium-86.0.4240.111-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2020/Dec/27
Full Disclosure: APPLE-SA-2020-12-14-5 watchOS 7.2Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT212003
About the security content of iOS 14.3 and iPadOS 14.3 - Apple SupportThird Party Advisory
-
http://seclists.org/fulldisclosure/2020/Dec/24
Full Disclosure: APPLE-SA-2020-12-14-1 iOS 14.3 and iPadOS 14.3Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT212007
About the security content of Safari 14.0.2 - Apple SupportThird Party Advisory
-
https://www.debian.org/security/2021/dsa-4824
Debian -- Security Information -- DSA-4824-1 chromiumThird Party Advisory
-
https://crbug.com/1124659
Inloggen - Google AccountsPermissions Required;Vendor Advisory
-
http://seclists.org/fulldisclosure/2020/Dec/29
Full Disclosure: APPLE-SA-2020-12-14-7 tvOS 14.3Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
[security-announce] openSUSE-SU-2020:1829-1: important: Security updateMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202101-30
Qt WebEngine: Multiple vulnerabilities (GLSA 202101-30) — Gentoo securityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/
[SECURITY] Fedora 32 Update: chromium-86.0.4240.111-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Chrome Releases: Stable Channel Update for DesktopRelease Notes;Vendor Advisory
-
https://support.apple.com/kb/HT212005
About the security content of tvOS 14.3 - Apple SupportThird Party Advisory
-
http://seclists.org/fulldisclosure/2020/Dec/30
Full Disclosure: APPLE-SA-2020-12-14-8 Safari 14.0.2Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT212009
About the security content of watchOS 7.2 - Apple SupportThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/
[SECURITY] Fedora 33 Update: chromium-86.0.4240.183-1.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://support.apple.com/kb/HT212011
About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave - Apple SupportThird Party Advisory
-
http://seclists.org/fulldisclosure/2020/Dec/26
Full Disclosure: APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 MojaveMailing List;Third Party Advisory
Jump to