CVE-2020-6514

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

References

https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

https://crbug.com/1076703

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html

https://security.gentoo.org/glsa/202007-08

https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html

https://www.debian.org/security/2020/dsa-4736

https://lists.fedoraproject.org/archives/list/[email protected]/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/

https://security.gentoo.org/glsa/202007-64

http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/

https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html

https://www.debian.org/security/2020/dsa-4740

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html

https://usn.ubuntu.com/4443-1/

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html

https://support.apple.com/kb/HT211292

https://support.apple.com/kb/HT211288

https://support.apple.com/kb/HT211290

https://support.apple.com/kb/HT211291

https://www.debian.org/security/2021/dsa-4824

https://security.gentoo.org/glsa/202101-30

Details

Source: MITRE

Published: 2020-07-22

Updated: 2021-07-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (73 total)

IDNameProductFamilySeverity
150564SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14456-1)NessusSuSE Local Security Checks
high
147407NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004)NessusNewStart CGSL Local Security Checks
critical
147390NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0007)NessusNewStart CGSL Local Security Checks
high
147331NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056)NessusNewStart CGSL Local Security Checks
high
147312NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002)NessusNewStart CGSL Local Security Checks
critical
147292NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0006)NessusNewStart CGSL Local Security Checks
high
147247NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0052)NessusNewStart CGSL Local Security Checks
high
145919CentOS 8 : firefox (CESA-2020:3241)NessusCentOS Local Security Checks
high
145868CentOS 8 : thunderbird (CESA-2020:3341)NessusCentOS Local Security Checks
high
145430GLSA-202101-30 : Qt WebEngine: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
144672Debian DSA-4824-1 : chromium - security updateNessusDebian Local Security Checks
high
140196Amazon Linux 2 : thunderbird (ALAS-2020-1487)NessusAmazon Linux Local Security Checks
high
139648openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1205)NessusSuSE Local Security Checks
high
139562openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189)NessusSuSE Local Security Checks
high
139558openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1179)NessusSuSE Local Security Checks
high
139475Oracle Linux 6 : thunderbird (ELSA-2020-3345)NessusOracle Linux Local Security Checks
high
139474Oracle Linux 7 : thunderbird (ELSA-2020-3344)NessusOracle Linux Local Security Checks
high
139473Oracle Linux 8 : thunderbird (ELSA-2020-3341)NessusOracle Linux Local Security Checks
high
139467RHEL 6 : chromium-browser (RHSA-2020:3377)NessusRed Hat Local Security Checks
high
139450openSUSE Security Update : opera (openSUSE-2020-1172)NessusSuSE Local Security Checks
high
139444openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155)NessusSuSE Local Security Checks
high
139421CentOS 6 : thunderbird (CESA-2020:3345)NessusCentOS Local Security Checks
high
139420CentOS 7 : firefox (CESA-2020:3253)NessusCentOS Local Security Checks
high
139419CentOS 7 : thunderbird (CESA-2020:3344)NessusCentOS Local Security Checks
high
139417CentOS 6 : firefox (CESA-2020:3233)NessusCentOS Local Security Checks
high
139406SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1)NessusSuSE Local Security Checks
high
139400Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200806)NessusScientific Linux Local Security Checks
high
139399Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200806)NessusScientific Linux Local Security Checks
high
139376RHEL 6 : thunderbird (RHSA-2020:3345)NessusRed Hat Local Security Checks
high
139360SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2118-1)NessusSuSE Local Security Checks
high
139357openSUSE Security Update : opera (openSUSE-2020-1148)NessusSuSE Local Security Checks
high
139356openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147)NessusSuSE Local Security Checks
high
139336RHEL 8 : thunderbird (RHSA-2020:3343)NessusRed Hat Local Security Checks
high
139335RHEL 8 : thunderbird (RHSA-2020:3342)NessusRed Hat Local Security Checks
high
139334RHEL 7 : thunderbird (RHSA-2020:3344)NessusRed Hat Local Security Checks
high
139333RHEL 8 : thunderbird (RHSA-2020:3341)NessusRed Hat Local Security Checks
high
139331RHEL 7 : firefox (RHSA-2020:3253)NessusRed Hat Local Security Checks
high
139318Mozilla Thunderbird < 78.1NessusWindows
high
139317Mozilla Thunderbird < 78.1NessusMacOS X Local Security Checks
high
139300Scientific Linux Security Update : firefox on SL7.x x86_64 (20200730)NessusScientific Linux Local Security Checks
high
139282SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1)NessusSuSE Local Security Checks
high
139279Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-213-01)NessusSlackware Local Security Checks
high
139278Oracle Linux 7 : firefox (ELSA-2020-3253)NessusOracle Linux Local Security Checks
high
139277Oracle Linux 8 : firefox (ELSA-2020-3241)NessusOracle Linux Local Security Checks
high
139276Oracle Linux 6 : firefox (ELSA-2020-3233)NessusOracle Linux Local Security Checks
high
139272GLSA-202007-64 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
139261Fedora 31 : chromium (2020-84d87cbd50)NessusFedora Local Security Checks
high
139255Debian DSA-4740-1 : thunderbird - security updateNessusDebian Local Security Checks
high
139253Debian DLA-2310-1 : thunderbird security updateNessusDebian Local Security Checks
high
139220Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200730)NessusScientific Linux Local Security Checks
high
139210Debian DSA-4736-1 : firefox-esr - security updateNessusDebian Local Security Checks
high
139201RHEL 8 : firefox (RHSA-2020:3254)NessusRed Hat Local Security Checks
high
139196RHEL 6 : firefox (RHSA-2020:3233)NessusRed Hat Local Security Checks
high
139190RHEL 8 : firefox (RHSA-2020:3229)NessusRed Hat Local Security Checks
high
139186RHEL 8 : firefox (RHSA-2020:3241)NessusRed Hat Local Security Checks
high
139185Mozilla Thunderbird < 68.11NessusWindows
high
139184Mozilla Thunderbird < 68.11NessusMacOS X Local Security Checks
high
139182Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1)NessusUbuntu Local Security Checks
high
139106Fedora 32 : chromium (2020-bf684961d9)NessusFedora Local Security Checks
high
139097Debian DLA-2297-1 : firefox-esr security updateNessusDebian Local Security Checks
high
139074Mozilla Firefox ESR < 78.1NessusWindows
high
139073Mozilla Firefox ESR < 78.1NessusMacOS X Local Security Checks
high
139063Mozilla Firefox ESR < 68.11NessusWindows
high
139062Mozilla Firefox ESR < 68.11NessusMacOS X Local Security Checks
high
139040Mozilla Firefox < 79.0NessusWindows
high
139039Mozilla Firefox < 79.0NessusMacOS X Local Security Checks
high
139034Microsoft Edge (Chromium) < 84.0.522.40 Multiple VulnerabilitiesNessusWindows
high
138931GLSA-202007-08 : Chromium, Google Chrome: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
138788openSUSE Security Update : chromium (openSUSE-2020-1021)NessusSuSE Local Security Checks
high
138787openSUSE Security Update : chromium (openSUSE-2020-1020)NessusSuSE Local Security Checks
high
138537FreeBSD : chromium -- multiple vulnerabilities (870d59b0-c6c4-11ea-8015-e09467587c17)NessusFreeBSD Local Security Checks
high
138449Google Chrome < 84.0.4147.89 Multiple VulnerabilitiesNessusWindows
high
138448Google Chrome < 84.0.4147.89 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high