PT-2020-6760 · Apple+6 · Wpe Webkit+7

Published

2020-10-24

·

Updated

2024-06-15

·

CVE-2020-13584

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions WebKitGTK version 2.30.1 WPE WebKit (affected versions not specified)
Description The issue is related to a use-after-free condition in the WebKitGTK and WPE WebKit browser modules. This can be triggered by a specially crafted HTML web page, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The victim must visit a malicious website to exploit this issue.
Recommendations For WebKitGTK version 2.30.1, consider restricting access to potentially malicious websites until a patch is available. As a temporary workaround, avoid using WebKitGTK version 2.30.1 to access untrusted web pages. For WPE WebKit, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2021:1586
ALT-PU-2020-3117
BDU:2022-06102
CESA-2021_1586
CVE-2020-13584
DSA-4797-1
DSA-4797-2
MGASA-2020-0441
OPENSUSE-SU-2020:2304-1
OPENSUSE-SU-2020:2310-1
OPENSUSE-SU-2020_2304-1
OPENSUSE-SU-2020_2310-1
OPENSUSE-SU-2024:11506-1
RHSA-2021:1586
RHSA-2021_1586
RHSA-2025:10364
RLSA-2021:1586
SUSE-SU-2020:3864-1
SUSE-SU-2020:3867-1
SUSE-SU-2021:1990-1

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Wpe Webkit
Webkitgtk