Published: 03/03/2021 Updated: 28/04/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.

Vulnerable Product

webkitgtk webkitgtk 2.30.1

Vendor Advisories

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-13558: Marcin Noga discovered that processing maliciously crafted web content may lead to arbitrary code execution. For the stable distribution (buster), this problem has been fixed in version 2305-1~deb10u1. We recommend that you upgrade your webki ...
A use after free issue was found in WebKitGTK and WPE WebKit before version 2305 in the AudioSourceProviderGStreamer class. Processing maliciously crafted web content may lead to arbitrary code execution. ...

Mailing Lists

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0001
------------------------------------------------------------------------
Date reported : February 15, 2021
Advisory ID : WSA-2021-0001
WebKitGTK Advisory URL : webkitgtkor ...

Github Repositories

CVE-2020-13558
Proof-of-Concept (PoC) script to exploit CVE-2020-13558
Usage
Achieves exploitation of CVE-2020-13558
chmod +x CVE-2020-13558sh
sudo /CVE-2020-13558sh -c <TargetIP>
sudo /CVE-2020-13558sh -l <ListoFIPs>