Unrated severityNVD Advisory· Published Dec 3, 2020· Updated Aug 4, 2024

CVE-2020-13584

Description

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

Affected products

107

osv-coords106 versions
pkg:rpm/almalinux/accountsservice-devel pkg:rpm/almalinux/atkmm pkg:rpm/almalinux/atkmm-devel pkg:rpm/almalinux/atkmm-doc pkg:rpm/almalinux/cairomm pkg:rpm/almalinux/cairomm-devel pkg:rpm/almalinux/cairomm-doc pkg:rpm/almalinux/chrome-gnome-shell pkg:rpm/almalinux/dleyna-core pkg:rpm/almalinux/dleyna-server pkg:rpm/almalinux/enchant2 pkg:rpm/almalinux/enchant2-devel pkg:rpm/almalinux/gamin pkg:rpm/almalinux/gamin-devel pkg:rpm/almalinux/geoclue2 pkg:rpm/almalinux/geoclue2-demos pkg:rpm/almalinux/geoclue2-devel pkg:rpm/almalinux/geoclue2-libs pkg:rpm/almalinux/geocode-glib pkg:rpm/almalinux/geocode-glib-devel pkg:rpm/almalinux/gjs pkg:rpm/almalinux/gjs-devel pkg:rpm/almalinux/glib2-doc pkg:rpm/almalinux/glib2-static pkg:rpm/almalinux/glibmm24 pkg:rpm/almalinux/glibmm24-devel pkg:rpm/almalinux/glibmm24-doc pkg:rpm/almalinux/gnome-boxes pkg:rpm/almalinux/gnome-photos pkg:rpm/almalinux/gnome-photos-tests pkg:rpm/almalinux/gnome-terminal pkg:rpm/almalinux/gnome-terminal-nautilus pkg:rpm/almalinux/gtk2 pkg:rpm/almalinux/gtk2-devel pkg:rpm/almalinux/gtk2-devel-docs pkg:rpm/almalinux/gtk2-immodules pkg:rpm/almalinux/gtk2-immodule-xim pkg:rpm/almalinux/gtk-doc pkg:rpm/almalinux/gtkmm24 pkg:rpm/almalinux/gtkmm24-devel pkg:rpm/almalinux/gtkmm24-docs pkg:rpm/almalinux/gtkmm30 pkg:rpm/almalinux/gtkmm30-devel pkg:rpm/almalinux/gtkmm30-doc pkg:rpm/almalinux/gvfs pkg:rpm/almalinux/gvfs-afc pkg:rpm/almalinux/gvfs-afp pkg:rpm/almalinux/gvfs-archive pkg:rpm/almalinux/gvfs-client pkg:rpm/almalinux/gvfs-devel pkg:rpm/almalinux/gvfs-fuse pkg:rpm/almalinux/gvfs-goa pkg:rpm/almalinux/gvfs-gphoto2 pkg:rpm/almalinux/gvfs-mtp pkg:rpm/almalinux/gvfs-smb pkg:rpm/almalinux/libdazzle pkg:rpm/almalinux/libdazzle-devel pkg:rpm/almalinux/libepubgen pkg:rpm/almalinux/libepubgen-devel pkg:rpm/almalinux/libsass pkg:rpm/almalinux/libsass-devel pkg:rpm/almalinux/libsigc%2B%2B20 pkg:rpm/almalinux/libsigc%2B%2B20-devel pkg:rpm/almalinux/libsigc%2B%2B20-doc pkg:rpm/almalinux/libvisual pkg:rpm/almalinux/libvisual-devel pkg:rpm/almalinux/mutter-devel pkg:rpm/almalinux/nautilus pkg:rpm/almalinux/nautilus-devel pkg:rpm/almalinux/nautilus-extensions pkg:rpm/almalinux/OpenEXR-devel pkg:rpm/almalinux/OpenEXR-libs pkg:rpm/almalinux/pangomm pkg:rpm/almalinux/pangomm-devel pkg:rpm/almalinux/pangomm-doc pkg:rpm/almalinux/soundtouch pkg:rpm/almalinux/soundtouch-devel pkg:rpm/almalinux/vala pkg:rpm/almalinux/vala-devel pkg:rpm/almalinux/woff2 pkg:rpm/almalinux/woff2-devel pkg:rpm/opensuse/gtk3&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/webkit2gtk3&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0.6.55-1.el8+ 105 more
- (no CPE)range: < 0.6.55-1.el8
- (no CPE)range: < 2.24.2-7.el8
- (no CPE)range: < 2.24.2-7.el8
- (no CPE)range: < 2.24.2-7.el8
- (no CPE)range: < 1.12.0-8.el8
- (no CPE)range: < 1.12.0-8.el8
- (no CPE)range: < 1.12.0-8.el8
- (no CPE)range: < 10.1-7.el8
- (no CPE)range: < 0.6.0-3.el8
- (no CPE)range: < 0.6.0-3.el8
- (no CPE)range: < 2.2.3-3.el8
- (no CPE)range: < 2.2.3-3.el8
- (no CPE)range: < 0.1.10-32.el8
- (no CPE)range: < 0.1.10-32.el8
- (no CPE)range: < 2.5.5-2.el8
- (no CPE)range: < 2.5.5-2.el8
- (no CPE)range: < 2.5.5-2.el8
- (no CPE)range: < 2.5.5-2.el8
- (no CPE)range: < 3.26.0-3.el8
- (no CPE)range: < 3.26.0-3.el8
- (no CPE)range: < 1.56.2-5.el8
- (no CPE)range: < 1.56.2-5.el8
- (no CPE)range: < 2.56.4-9.el8
- (no CPE)range: < 2.56.4-9.el8
- (no CPE)range: < 2.56.0-2.el8
- (no CPE)range: < 2.56.0-2.el8
- (no CPE)range: < 2.56.0-2.el8
- (no CPE)range: < 3.36.5-8.el8
- (no CPE)range: < 3.28.1-4.el8
- (no CPE)range: < 3.28.1-4.el8
- (no CPE)range: < 3.28.3-3.el8
- (no CPE)range: < 3.28.3-3.el8
- (no CPE)range: < 2.24.32-5.el8
- (no CPE)range: < 2.24.32-5.el8
- (no CPE)range: < 2.24.32-5.el8
- (no CPE)range: < 2.24.32-5.el8
- (no CPE)range: < 2.24.32-5.el8
- (no CPE)range: < 1.28-3.el8
- (no CPE)range: < 2.24.5-6.el8
- (no CPE)range: < 2.24.5-6.el8
- (no CPE)range: < 2.24.5-6.el8
- (no CPE)range: < 3.22.2-3.el8
- (no CPE)range: < 3.22.2-3.el8
- (no CPE)range: < 3.22.2-3.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 1.36.2-11.el8
- (no CPE)range: < 3.28.5-2.el8
- (no CPE)range: < 3.28.5-2.el8
- (no CPE)range: < 0.1.0-3.el8
- (no CPE)range: < 0.1.0-3.el8
- (no CPE)range: < 3.4.5-6.el8
- (no CPE)range: < 3.4.5-6.el8
- (no CPE)range: < 2.10.0-6.el8
- (no CPE)range: < 2.10.0-6.el8
- (no CPE)range: < 2.10.0-6.el8
- (no CPE)range: < 1:0.4.0-25.el8
- (no CPE)range: < 1:0.4.0-25.el8
- (no CPE)range: < 3.32.2-57.el8
- (no CPE)range: < 3.28.1-15.el8
- (no CPE)range: < 3.28.1-15.el8
- (no CPE)range: < 3.28.1-15.el8
- (no CPE)range: < 2.2.0-12.el8
- (no CPE)range: < 2.2.0-12.el8
- (no CPE)range: < 2.40.1-6.el8
- (no CPE)range: < 2.40.1-6.el8
- (no CPE)range: < 2.40.1-6.el8
- (no CPE)range: < 2.0.0-3.el8
- (no CPE)range: < 2.0.0-3.el8
- (no CPE)range: < 0.40.19-2.el8
- (no CPE)range: < 0.40.19-2.el8
- (no CPE)range: < 1.0.2-5.el8
- (no CPE)range: < 1.0.2-5.el8
- (no CPE)range: < 2.32.4-1.1
- (no CPE)range: < 2.30.3-lp151.2.28.2
- (no CPE)range: < 2.30.3-lp152.2.7.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.30.3-3.63.2
- (no CPE)range: < 2.30.3-3.63.2
- (no CPE)range: < 2.30.3-3.63.2
- (no CPE)range: < 2.30.3-3.9.3
- (no CPE)range: < 2.30.3-3.63.2
- (no CPE)range: < 2.30.3-3.9.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.30.3-3.63.2
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.30.3-3.63.2
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
- (no CPE)range: < 2.32.1-2.63.3
Apple Inc./Webkitv5
Range: Webkit WebKitGTK 2.30.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/202012-10mitrevendor-advisoryx_refsource_GENTOO
talosintelligence.com/vulnerability_reports/TALOS-2020-1195mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000