CVE-2020-6514

MEDIUM

Description

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html

http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html

https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

https://crbug.com/1076703

https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/

https://lists.fedoraproject.org/archives/list/[email protected]/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/

https://security.gentoo.org/glsa/202007-08

https://security.gentoo.org/glsa/202007-64

https://security.gentoo.org/glsa/202101-30

https://support.apple.com/kb/HT211288

https://support.apple.com/kb/HT211290

https://support.apple.com/kb/HT211291

https://support.apple.com/kb/HT211292

https://usn.ubuntu.com/4443-1/

https://www.debian.org/security/2020/dsa-4736

https://www.debian.org/security/2020/dsa-4740

https://www.debian.org/security/2021/dsa-4824

Details

Source: MITRE

Published: 2020-07-22

Updated: 2021-01-28

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147390 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0007) | Nessus | NewStart CGSL Local Security Checks | high |
| 147331 | NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056) | Nessus | NewStart CGSL Local Security Checks | high |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147292 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0006) | Nessus | NewStart CGSL Local Security Checks | high |
| 147247 | NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0052) | Nessus | NewStart CGSL Local Security Checks | high |
| 145919 | CentOS 8 : firefox (CESA-2020:3241) | Nessus | CentOS Local Security Checks | high |
| 145868 | CentOS 8 : thunderbird (CESA-2020:3341) | Nessus | CentOS Local Security Checks | high |
| 145430 | GLSA-202101-30 : Qt WebEngine: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 144672 | Debian DSA-4824-1 : chromium - security update | Nessus | Debian Local Security Checks | high |
| 140196 | Amazon Linux 2 : thunderbird (ALAS-2020-1487) | Nessus | Amazon Linux Local Security Checks | high |
| 139648 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1205) | Nessus | SuSE Local Security Checks | high |
| 139562 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189) | Nessus | SuSE Local Security Checks | high |
| 139558 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1179) | Nessus | SuSE Local Security Checks | high |
| 139475 | Oracle Linux 6 : thunderbird (ELSA-2020-3345) | Nessus | Oracle Linux Local Security Checks | medium |
| 139474 | Oracle Linux 7 : thunderbird (ELSA-2020-3344) | Nessus | Oracle Linux Local Security Checks | medium |
| 139473 | Oracle Linux 8 : thunderbird (ELSA-2020-3341) | Nessus | Oracle Linux Local Security Checks | medium |
| 139467 | RHEL 6 : chromium-browser (RHSA-2020:3377) | Nessus | Red Hat Local Security Checks | high |
| 139450 | openSUSE Security Update : opera (openSUSE-2020-1172) | Nessus | SuSE Local Security Checks | high |
| 139444 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155) | Nessus | SuSE Local Security Checks | high |
| 139421 | CentOS 6 : thunderbird (CESA-2020:3345) | Nessus | CentOS Local Security Checks | high |
| 139420 | CentOS 7 : firefox (CESA-2020:3253) | Nessus | CentOS Local Security Checks | high |
| 139419 | CentOS 7 : thunderbird (CESA-2020:3344) | Nessus | CentOS Local Security Checks | high |
| 139417 | CentOS 6 : firefox (CESA-2020:3233) | Nessus | CentOS Local Security Checks | high |
| 139406 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1) | Nessus | SuSE Local Security Checks | high |
| 139400 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high |
| 139399 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high |
| 139376 | RHEL 6 : thunderbird (RHSA-2020:3345) | Nessus | Red Hat Local Security Checks | high |
| 139360 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2118-1) | Nessus | SuSE Local Security Checks | high |
| 139357 | openSUSE Security Update : opera (openSUSE-2020-1148) | Nessus | SuSE Local Security Checks | high |
| 139356 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147) | Nessus | SuSE Local Security Checks | high |
| 139336 | RHEL 8 : thunderbird (RHSA-2020:3343) | Nessus | Red Hat Local Security Checks | high |
| 139335 | RHEL 8 : thunderbird (RHSA-2020:3342) | Nessus | Red Hat Local Security Checks | high |
| 139334 | RHEL 7 : thunderbird (RHSA-2020:3344) | Nessus | Red Hat Local Security Checks | high |
| 139333 | RHEL 8 : thunderbird (RHSA-2020:3341) | Nessus | Red Hat Local Security Checks | high |
| 139331 | RHEL 7 : firefox (RHSA-2020:3253) | Nessus | Red Hat Local Security Checks | high |
| 139318 | Mozilla Thunderbird < 78.1 | Nessus | Windows | high |
| 139317 | Mozilla Thunderbird < 78.1 | Nessus | MacOS X Local Security Checks | high |
| 139300 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high |
| 139282 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1) | Nessus | SuSE Local Security Checks | high |
| 139279 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-213-01) | Nessus | Slackware Local Security Checks | high |
| 139278 | Oracle Linux 7 : firefox (ELSA-2020-3253) | Nessus | Oracle Linux Local Security Checks | medium |
| 139277 | Oracle Linux 8 : firefox (ELSA-2020-3241) | Nessus | Oracle Linux Local Security Checks | medium |
| 139276 | Oracle Linux 6 : firefox (ELSA-2020-3233) | Nessus | Oracle Linux Local Security Checks | medium |
| 139272 | GLSA-202007-64 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 139261 | Fedora 31 : chromium (2020-84d87cbd50) | Nessus | Fedora Local Security Checks | high |
| 139255 | Debian DSA-4740-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 139253 | Debian DLA-2310-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 139220 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high |
| 139210 | Debian DSA-4736-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 139201 | RHEL 8 : firefox (RHSA-2020:3254) | Nessus | Red Hat Local Security Checks | high |
| 139196 | RHEL 6 : firefox (RHSA-2020:3233) | Nessus | Red Hat Local Security Checks | high |
| 139190 | RHEL 8 : firefox (RHSA-2020:3229) | Nessus | Red Hat Local Security Checks | high |
| 139186 | RHEL 8 : firefox (RHSA-2020:3241) | Nessus | Red Hat Local Security Checks | high |
| 139185 | Mozilla Thunderbird < 68.11 | Nessus | Windows | high |
| 139184 | Mozilla Thunderbird < 68.11 | Nessus | MacOS X Local Security Checks | high |
| 139182 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1) | Nessus | Ubuntu Local Security Checks | high |
| 139106 | Fedora 32 : chromium (2020-bf684961d9) | Nessus | Fedora Local Security Checks | high |
| 139097 | Debian DLA-2297-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 139074 | Mozilla Firefox ESR < 78.1 | Nessus | Windows | high |
| 139073 | Mozilla Firefox ESR < 78.1 | Nessus | MacOS X Local Security Checks | high |
| 139063 | Mozilla Firefox ESR < 68.11 | Nessus | Windows | high |
| 139062 | Mozilla Firefox ESR < 68.11 | Nessus | MacOS X Local Security Checks | high |
| 139040 | Mozilla Firefox < 79.0 | Nessus | Windows | high |
| 139039 | Mozilla Firefox < 79.0 | Nessus | MacOS X Local Security Checks | high |
| 139034 | Microsoft Edge (Chromium) < 84.0.522.40 Multiple Vulnerabilities | Nessus | Windows | high |
| 138931 | GLSA-202007-08 : Chromium, Google Chrome: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 138788 | openSUSE Security Update : chromium (openSUSE-2020-1021) | Nessus | SuSE Local Security Checks | high |
| 138787 | openSUSE Security Update : chromium (openSUSE-2020-1020) | Nessus | SuSE Local Security Checks | high |
| 138537 | FreeBSD : chromium -- multiple vulnerabilities (870d59b0-c6c4-11ea-8015-e09467587c17) | Nessus | FreeBSD Local Security Checks | high |
| 138449 | Google Chrome < 84.0.4147.89 Multiple Vulnerabilities | Nessus | Windows | high |
| 138448 | Google Chrome < 84.0.4147.89 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |