Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-9983

Published: 16/10/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Apple

Vulnerability Summary

An out-of-bounds write issue was found in webkit2gtk prior to 2.30.3. Processing maliciously crafted web content may have lead to code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple safari

apple ipados

apple icloud 11.5

apple tvos 14.0

apple itunes 12.10.9

apple watchos 7.0

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

Debian Security Advisories: DSA-4797-1 webkit2gtk -- security update
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9948 Brendan Draper discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE-2020-9951 Marcin Noga discovered that processing maliciously crafted web content may lead to arbitrary code execution CVE ...
Arch Linux Issues:
An out-of-bounds write issue was found in webkit2gtk before 2303 Processing maliciously crafted web content may have lead to code execution ...

Mailing Lists

Full Disclosure: APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 70 <!--X-Subject-Header-End--> <!--X-H ...
Full Disclosure: APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 140 <!--X-Subject-Header-End--> <!--X-H ...
Full Disclosure: APPLE-SA-2020-09-16-3 Safari 14.0
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-09-16-3 Safari 140 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Product Security ...
Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 140 and iPadOS 140 <!--X-Subject-Header-E ...

Recent Articles

Russians charged for $16.8m crypto-coin heist, but traders warned their cash is only as safe as their security is tight
The Register • Shaun Nichols in San Francisco • 21 Sep 2020

Plus: Lazarus Group joins the big league, ex-Aussie PM doxxed, new flaw found in Bluetooth, and more

In brief A pair from Russia have been indicted for stealing nearly $17m worth of cryptocurrency. US prosecutors allege that Dmitrii Karasavid and Danil Potekhin did everything from phishing and spoofing to price manipulation to make off with $16.8m in internet scrip. Prosecutors claim that the pair would use phishing emails and fake logins to steal the passwords of currency owners. After breaking into the wallets and making off with the cryptocurrency, it is said they and their unnamed co-conspi...

Read more...

References

CWE-787https://support.apple.com/HT211845https://support.apple.com/kb/HT211843https://support.apple.com/kb/HT211850https://support.apple.com/kb/HT211844https://support.apple.com/kb/HT211952http://seclists.org/fulldisclosure/2020/Nov/19http://seclists.org/fulldisclosure/2020/Nov/18http://seclists.org/fulldisclosure/2020/Nov/22http://seclists.org/fulldisclosure/2020/Nov/20http://www.openwall.com/lists/oss-security/2020/11/23/3https://www.debian.org/security/2020/dsa-4797https://support.apple.com/kb/HT211935https://security.gentoo.org/glsa/202012-10https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDGBNKYT7NMW7CJ26YFUPUHPJVYGV7IQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY2OBQZFMEFZOSWXPXHPEHOJXXILEEX2/https://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4797https://security.archlinux.org/CVE-2020-9983
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook