PT-2020-1836 · Apple+7 · WPE WebKit+8

Ashfaq Ansari +2 · Published 2020-03-02 · Updated 2024-06-15 · CVE-2020-10018

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WebKitGTK versions prior to 2.28.0
WPE WebKit versions prior to 2.28.0

Description

The issue is a memory corruption problem, specifically a use-after-free error, which may allow a remote attacker to execute arbitrary code.

Recommendations

For WebKitGTK versions prior to 2.28.0, update to version 2.28.0 or later, which includes improved memory handling to fix the issue.
For WPE WebKit versions prior to 2.28.0, update to version 2.28.0 or later, which includes improved memory handling to fix the issue.

Fix

Use After Free

RCE


Weakness Enumeration

Related Identifiers

ALSA-2020:4451
ALT-PU-2020-1481
BDU:2020-01109
CESA-2020_4035
CESA-2020_4451
CVE-2020-10018
DSA-4641-1
MGASA-2020-0144
OPENSUSE-SU-2020:0602-1
OPENSUSE-SU-2020_0602-1
OPENSUSE-SU-2024:11506-1
RHSA-2020:4035
RHSA-2020:4451
RHSA-2020_4035
RHSA-2020_4451
RLSA-2020:4451
SUSE-SU-2020:1109-1
SUSE-SU-2020:1135-1
SUSE-SU-2020_1109-1
SUSE-SU-2022:0142-1
SUSE-SU-2022:0183-1
USN-4310-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
SUSE
Ubuntu
WPE WebKit
WebKitGTK