CVE-2020-6386

Published: Feb 27, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected (8)

Products: Google: Chrome · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · +1 more

Show all products

Google: Chrome · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Debian: Debian Linux

1 product

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Debian

1 product

Debian Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 80.0.3987.116

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (12)

https://access.redhat.com/errata/RHSA-2020:0738

Source: chrome-cve-admin@google.com

Third Party Advisory

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html

Source: chrome-cve-admin@google.com

Release NotesVendor Advisory

https://crbug.com/1043603

Source: chrome-cve-admin@google.com

ExploitIssue TrackingPatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/

Source: chrome-cve-admin@google.com

https://www.debian.org/security/2020/dsa-4638

Source: chrome-cve-admin@google.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0738