CVE-2020-13558

CVE Details

Release Date:	2021-03-03
Impact:	None	What is this?

Description

A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.

See more information about CVE-2020-13558 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	8.8
Vector String:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version:	3.0
Attack Vector:	Network
Attack Complexity:	Low
Privileges Required:	None
User Interaction:	Required
Scope:	Unchanged
Confidentiality Impact:	High
Integrity Impact:	High
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (LibRaw)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (accountsservice)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gdm)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-autoar)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-calculator)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-control-center)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-online-accounts)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-session)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-settings-daemon)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell-extensions)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-software)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gsettings-desktop-schemas)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gtk3)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (mutter)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (vino)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (webkit2gtk3)	ELSA-2021-4381	2021-11-16