Vulnerability Details : CVE-2020-9951
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerability category: Memory Corruption
Products affected by CVE-2020-9951
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:a:webkit:webkitgtk\+:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-9951
0.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-9951
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-9951
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-9951
-
http://seclists.org/fulldisclosure/2020/Nov/18
Full Disclosure: APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT211844
Vendor Advisory
-
http://seclists.org/fulldisclosure/2020/Nov/22
Full Disclosure: APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0Mailing List;Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4797
Debian -- Security Information -- DSA-4797-1 webkit2gtkThird Party Advisory
-
https://security.gentoo.org/glsa/202012-10
WebkitGTK+: Multiple vulnerabilities (GLSA 202012-10) — Gentoo securityThird Party Advisory
-
https://support.apple.com/kb/HT211850
About the security content of iOS 14.0 and iPadOS 14.0 - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT211952
About the security content of iTunes 12.10.9 for Windows - Apple SupportVendor Advisory
-
https://support.apple.com/kb/HT211843
About the security content of tvOS 14.0 - Apple SupportVendor Advisory
-
http://seclists.org/fulldisclosure/2020/Nov/20
Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT211935
About the security content of iCloud for Windows 11.5 - Apple SupportVendor Advisory
-
http://www.openwall.com/lists/oss-security/2020/11/23/3
oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2020/Nov/19
Full Disclosure: APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0Mailing List;Third Party Advisory
-
https://support.apple.com/HT211845
About the security content of Safari 14.0 - Apple SupportRelease Notes;Vendor Advisory
Jump to