CVE-2020-6514MEDIUM
Description
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html
http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html
https://security.gentoo.org/glsa/202007-08
https://security.gentoo.org/glsa/202007-64
https://security.gentoo.org/glsa/202101-30
https://support.apple.com/kb/HT211288
https://support.apple.com/kb/HT211290
https://support.apple.com/kb/HT211291
https://support.apple.com/kb/HT211292
https://usn.ubuntu.com/4443-1/
https://www.debian.org/security/2020/dsa-4736
Details
Source: MITRE
Published: 2020-07-22
Updated: 2021-01-28
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
Configuration 3
OR
Configuration 4
OR
Configuration 5
OR
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Configuration 6
OR
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147390 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0007) | Nessus | NewStart CGSL Local Security Checks | high |
| 147331 | NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056) | Nessus | NewStart CGSL Local Security Checks | high |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147292 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0006) | Nessus | NewStart CGSL Local Security Checks | high |
| 147247 | NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0052) | Nessus | NewStart CGSL Local Security Checks | high |
| 145919 | CentOS 8 : firefox (CESA-2020:3241) | Nessus | CentOS Local Security Checks | high |
| 145868 | CentOS 8 : thunderbird (CESA-2020:3341) | Nessus | CentOS Local Security Checks | high |
| 145430 | GLSA-202101-30 : Qt WebEngine: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 144672 | Debian DSA-4824-1 : chromium - security update | Nessus | Debian Local Security Checks | high |
| 140196 | Amazon Linux 2 : thunderbird (ALAS-2020-1487) | Nessus | Amazon Linux Local Security Checks | high |
| 139648 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1205) | Nessus | SuSE Local Security Checks | high |
| 139562 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189) | Nessus | SuSE Local Security Checks | high |
| 139558 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1179) | Nessus | SuSE Local Security Checks | high |
| 139475 | Oracle Linux 6 : thunderbird (ELSA-2020-3345) | Nessus | Oracle Linux Local Security Checks | medium |
| 139474 | Oracle Linux 7 : thunderbird (ELSA-2020-3344) | Nessus | Oracle Linux Local Security Checks | medium |
| 139473 | Oracle Linux 8 : thunderbird (ELSA-2020-3341) | Nessus | Oracle Linux Local Security Checks | medium |
| 139467 | RHEL 6 : chromium-browser (RHSA-2020:3377) | Nessus | Red Hat Local Security Checks | high |
| 139450 | openSUSE Security Update : opera (openSUSE-2020-1172) | Nessus | SuSE Local Security Checks | high |
| 139444 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155) | Nessus | SuSE Local Security Checks | high |
| 139421 | CentOS 6 : thunderbird (CESA-2020:3345) | Nessus | CentOS Local Security Checks | high |
| 139420 | CentOS 7 : firefox (CESA-2020:3253) | Nessus | CentOS Local Security Checks | high |
| 139419 | CentOS 7 : thunderbird (CESA-2020:3344) | Nessus | CentOS Local Security Checks | high |
| 139417 | CentOS 6 : firefox (CESA-2020:3233) | Nessus | CentOS Local Security Checks | high |
| 139406 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1) | Nessus | SuSE Local Security Checks | high |
| 139400 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high |
| 139399 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high |
| 139376 | RHEL 6 : thunderbird (RHSA-2020:3345) | Nessus | Red Hat Local Security Checks | high |
| 139360 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2118-1) | Nessus | SuSE Local Security Checks | high |
| 139357 | openSUSE Security Update : opera (openSUSE-2020-1148) | Nessus | SuSE Local Security Checks | high |
| 139356 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147) | Nessus | SuSE Local Security Checks | high |
| 139336 | RHEL 8 : thunderbird (RHSA-2020:3343) | Nessus | Red Hat Local Security Checks | high |
| 139335 | RHEL 8 : thunderbird (RHSA-2020:3342) | Nessus | Red Hat Local Security Checks | high |
| 139334 | RHEL 7 : thunderbird (RHSA-2020:3344) | Nessus | Red Hat Local Security Checks | high |
| 139333 | RHEL 8 : thunderbird (RHSA-2020:3341) | Nessus | Red Hat Local Security Checks | high |
| 139331 | RHEL 7 : firefox (RHSA-2020:3253) | Nessus | Red Hat Local Security Checks | high |
| 139318 | Mozilla Thunderbird < 78.1 | Nessus | Windows | high |
| 139317 | Mozilla Thunderbird < 78.1 | Nessus | MacOS X Local Security Checks | high |
| 139300 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high |
| 139282 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1) | Nessus | SuSE Local Security Checks | high |
| 139279 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-213-01) | Nessus | Slackware Local Security Checks | high |
| 139278 | Oracle Linux 7 : firefox (ELSA-2020-3253) | Nessus | Oracle Linux Local Security Checks | medium |
| 139277 | Oracle Linux 8 : firefox (ELSA-2020-3241) | Nessus | Oracle Linux Local Security Checks | medium |
| 139276 | Oracle Linux 6 : firefox (ELSA-2020-3233) | Nessus | Oracle Linux Local Security Checks | medium |
| 139272 | GLSA-202007-64 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 139261 | Fedora 31 : chromium (2020-84d87cbd50) | Nessus | Fedora Local Security Checks | high |
| 139255 | Debian DSA-4740-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 139253 | Debian DLA-2310-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 139220 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high |
| 139210 | Debian DSA-4736-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 139201 | RHEL 8 : firefox (RHSA-2020:3254) | Nessus | Red Hat Local Security Checks | high |
| 139196 | RHEL 6 : firefox (RHSA-2020:3233) | Nessus | Red Hat Local Security Checks | high |
| 139190 | RHEL 8 : firefox (RHSA-2020:3229) | Nessus | Red Hat Local Security Checks | high |
| 139186 | RHEL 8 : firefox (RHSA-2020:3241) | Nessus | Red Hat Local Security Checks | high |
| 139185 | Mozilla Thunderbird < 68.11 | Nessus | Windows | high |
| 139184 | Mozilla Thunderbird < 68.11 | Nessus | MacOS X Local Security Checks | high |
| 139182 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1) | Nessus | Ubuntu Local Security Checks | high |
| 139106 | Fedora 32 : chromium (2020-bf684961d9) | Nessus | Fedora Local Security Checks | high |
| 139097 | Debian DLA-2297-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 139074 | Mozilla Firefox ESR < 78.1 | Nessus | Windows | high |
| 139073 | Mozilla Firefox ESR < 78.1 | Nessus | MacOS X Local Security Checks | high |
| 139063 | Mozilla Firefox ESR < 68.11 | Nessus | Windows | high |
| 139062 | Mozilla Firefox ESR < 68.11 | Nessus | MacOS X Local Security Checks | high |
| 139040 | Mozilla Firefox < 79.0 | Nessus | Windows | high |
| 139039 | Mozilla Firefox < 79.0 | Nessus | MacOS X Local Security Checks | high |
| 139034 | Microsoft Edge (Chromium) < 84.0.522.40 Multiple Vulnerabilities | Nessus | Windows | high |
| 138931 | GLSA-202007-08 : Chromium, Google Chrome: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 138788 | openSUSE Security Update : chromium (openSUSE-2020-1021) | Nessus | SuSE Local Security Checks | high |
| 138787 | openSUSE Security Update : chromium (openSUSE-2020-1020) | Nessus | SuSE Local Security Checks | high |
| 138537 | FreeBSD : chromium -- multiple vulnerabilities (870d59b0-c6c4-11ea-8015-e09467587c17) | Nessus | FreeBSD Local Security Checks | high |
| 138449 | Google Chrome < 84.0.4147.89 Multiple Vulnerabilities | Nessus | Windows | high |
| 138448 | Google Chrome < 84.0.4147.89 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |