Lucene search

[email protected]NVD:CVE-2020-6514

HistoryJul 22, 2020 - 5:15 p.m.

CVE-2020-6514

2020-07-2217:15:13

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.6%

JSON

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

Affected configurations

NVD

Node

googlechromeRange<84.0.4147.89

Node

opensusebackports_sleMatch15.0sp1

opensusebackports_sleMatch15.0sp2

opensuseleapMatch15.1

opensuseleapMatch15.2

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

Node

applesafariRange<13.1.2

appleipadosRange<13.6

appleiphone_osRange<13.6

appletvosRange<13.4.8

applewatchosRange<6.2.8

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html

packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html

chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

crbug.com/1076703

lists.debian.org/debian-lts-announce/2020/07/msg00027.html

lists.debian.org/debian-lts-announce/2020/08/msg00006.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/

security.gentoo.org/glsa/202007-08

security.gentoo.org/glsa/202007-64

security.gentoo.org/glsa/202101-30

support.apple.com/kb/HT211288

support.apple.com/kb/HT211290

support.apple.com/kb/HT211291

support.apple.com/kb/HT211292

usn.ubuntu.com/4443-1/

www.debian.org/security/2020/dsa-4736

www.debian.org/security/2020/dsa-4740

www.debian.org/security/2021/dsa-4824

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.6%

JSON

CVE-2020-6514

Affected configurations

References

Related