Lucene search

K
cvelistTalosCVELIST:CVE-2020-13584
HistoryDec 03, 2020 - 5:02 p.m.

CVE-2020-13584

2020-12-0317:02:07
talos
www.cve.org
10
exploitable
webkitgtk
use-after-free
vulnerability
x64
html
web page
remote code execution
malicious web site

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.013

Percentile

86.0%

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

CNA Affected

[
  {
    "product": "Webkit",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Webkit WebKitGTK 2.30.1"
      }
    ]
  }
]

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.013

Percentile

86.0%