CVE-2020-6426
Medium
Low
Medium
High
Critical
6.5
CVSS Score
Vulnerability Description
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
N
Integrity
H
Availability
N
Known Affected Software
8 configuration(s) from 4 vendor(s)
debian_linux
Version:
10.0
CPE:
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian_linux
Version:
9.0
CPE:
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
fedora
Version:
30
CPE:
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedora
Version:
31
CPE:
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedora
Version:
32
CPE:
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
backports_sle
Version:
15.0
CPE:
cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*
suse_linux_enterprise_desktop
Version:
12
CPE:
cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
suse_linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*
This vulnerability affects 8 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.htmlchrome-cve-admin@google.com Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.htmlchrome-cve-admin@google.com Mailing List Third Party Advisory
-
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.htmlchrome-cve-admin@google.com Vendor Advisory
-
https://crbug.com/1052647chrome-cve-admin@google.com Exploit Issue Tracking Patch Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/chrome-cve-admin@google.com
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/chrome-cve-admin@google.com
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/chrome-cve-admin@google.com
-
https://security.gentoo.org/glsa/202003-53chrome-cve-admin@google.com Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4645chrome-cve-admin@google.com Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.htmlaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
https://crbug.com/1052647af854a3a-2127-422b-91ae-364da2661108 Exploit Issue Tracking Patch Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/af854a3a-2127-422b-91ae-364da2661108
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/af854a3a-2127-422b-91ae-364da2661108
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/af854a3a-2127-422b-91ae-364da2661108
-
https://security.gentoo.org/glsa/202003-53af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://www.debian.org/security/2020/dsa-4645af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
6.5
out of 10.0
Medium
Weakness Type (CWE)
CWE-787
Top 25 #2
Out-of-bounds Write
- Description
- The product writes data past the end, or before the beginning, of the intended buffer.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- March 23, 2020
