DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2020-6429

High

Low Medium High Critical

8.8

CVSS Score

Published: Mar 23, 2020

Last Modified: Nov 21, 2024

CWE: CWE-787

Vulnerability Description

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

8 configuration(s) from 4 vendor(s)

debian_linux

Version:

10.0

CPE:

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

debian_linux

Version:

9.0

CPE:

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

fedora

Version:

CPE:

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

backports_sle

Version:

15.0

CPE:

cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*

suse_linux_enterprise_desktop

Version:

CPE:

cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp4:*:*:*:*:*:*

suse_linux_enterprise_server

Version:

CPE:

cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*

This vulnerability affects 8 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

8.8

out of 10.0

High

Weakness Type (CWE)

CWE-787 Top 25 #2

Out-of-bounds Write

Description: The product writes data past the end, or before the beginning, of the intended buffer.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Base