CVE-2020-13558

CVE Details

Release Date:

2021-03-03

Description

A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.

See more information about CVE-2020-13558 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:	8.8	Base Metrics:	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Access Vector:	Network	Attack Complexity:	Low
Privileges Required:	None	User Interaction:	Required
Scope:	Unchanged	Confidentiality Impact:	High
Integrity Impact:	High	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (LibRaw)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (accountsservice)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gdm)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-autoar)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-calculator)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-control-center)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-online-accounts)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-session)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-settings-daemon)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell-extensions)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-software)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gsettings-desktop-schemas)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gtk3)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (mutter)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (vino)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (webkit2gtk3)	ELSA-2021-4381	2021-11-16

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team