Vulnerability Details CVE-2020-13543
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://security.gentoo.org/glsa/202012-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1155
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://security.gentoo.org/glsa/202012-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1155
- https://www.oracle.com/security-alerts/cpuapr2022.html