CVE-2020-11793

Name
CVE-2020-11793
Description
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://wpewebkit.org/security/WSA-2020-0004.html
Vendor Advisory https://webkitgtk.org/security/WSA-2020-0004.html
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/
Third Party Advisory https://usn.ubuntu.com/4331-1/
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html
GENTOO https://security.gentoo.org/glsa/202006-08

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* webkitgtk >= None < 2.28.1
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:* wpe_webkit >= None < 2.28.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status