DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2020-6424

High

Low Medium High Critical

8.8

CVSS Score

Published: Mar 23, 2020

Last Modified: Nov 21, 2024

CWE: CWE-416

Vulnerability Description

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

8 configuration(s) from 4 vendor(s)

debian_linux

Version:

10.0

CPE:

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

debian_linux

Version:

9.0

CPE:

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

backports_sle

Version:

15.0

CPE:

cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*

suse_linux_enterprise_desktop

Version:

CPE:

cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp4:*:*:*:*:*:*

suse_linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*

This vulnerability affects 8 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

8.8

out of 10.0

High

Weakness Type (CWE)

CWE-416 Top 25 #12

Use After Free

Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant