DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2020-6415

High

Low Medium High Critical

8.8

CVSS Score

Published: Feb 11, 2020

Last Modified: Nov 21, 2024

CWE: CWE-787

Vulnerability Description

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

9 configuration(s) from 5 vendor(s)

debian_linux

Version:

10.0

CPE:

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

debian_linux

Version:

9.0

CPE:

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

backports_sle

Version:

15.0

CPE:

cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*

enterprise_linux_server

Version:

6.0

CPE:

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*

enterprise_linux_desktop

Version:

6.0

CPE:

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*

enterprise_linux_workstation

Version:

6.0

CPE:

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*

package_hub

Version:

CPE:

cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*

This vulnerability affects 9 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

8.8

out of 10.0

High

Weakness Type (CWE)

CWE-787 Top 25 #2

Out-of-bounds Write

Description: The product writes data past the end, or before the beginning, of the intended buffer.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Base