PT-2020-6816 · Apple+5 · Webkitgtk+5

Published

2020-11-23

Updated

2022-05-10

CVE-2020-13543

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions WebKitGTK version 2.30.0 WPE WebKit (affected versions not specified)

Description A code execution issue exists in the WebSocket functionality of WebKitGTK and WPE WebKit, related to a use-after-free error. This can be triggered by a specially crafted web page, potentially allowing a remote attacker to execute arbitrary code by getting a user to visit the webpage.

Recommendations For WebKitGTK version 2.30.0, consider disabling the WebSocket functionality as a temporary workaround until a patch is available. For WPE WebKit, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Use After Free

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-22CWE-20

Related Identifiers

ALSA-2021:1586

BDU:2022-07049

BDU:2022-07060

CESA-2021_1586

CVE-2020-13543

DSA-4797-1

DSA-4797-2

MGASA-2020-0441

OPENSUSE-SU-2020:2304-1

OPENSUSE-SU-2020:2310-1

OPENSUSE-SU-2020_2304-1

OPENSUSE-SU-2020_2310-1

RHSA-2021:1586

RHSA-2021_1586

RHSA-2025:10364

RLSA-2021:1586

SUSE-SU-2020:3864-1

SUSE-SU-2020:3867-1

SUSE-SU-2020_3864-1

SUSE-SU-2020_3867-1

SUSE-SU-2021:1990-1

Affected Products

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Webkitgtk

PT-2020-6816 · Apple+5 · Webkitgtk+5

CVE-2020-13543

Weakness Enumeration

Related Identifiers

Affected Products

References · 138