First published: Thu Dec 03 2020
WebKit WebKitGTK could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebSocket functionality. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
WebKitGTK WebKitGTK | =2.30.0 | |
The vulnerability ID is CVE-2020-13543.
The severity of CVE-2020-13543 is high with a CVSS score of 8.8.
IBM Cloud Pak for Security (CP4S) versions up to 1.7.2.0 and WebKitGTK version 2.30.0 are affected by CVE-2020-13543.
CVE-2020-13543 is a code execution vulnerability that occurs in the WebSocket functionality of WebKit WebKitGTK due to a use-after-free issue. An attacker can exploit this vulnerability by convincing a user to visit a malicious website.
References for CVE-2020-13543 are available at the following links: IBM X-Force Exchange - https://exchange.xforce.ibmcloud.com/vulnerabilities/192461, IBM Support Page - https://www.ibm.com/support/pages/node/6493729, Gentoo Security Advisory - https://security.gentoo.org/glsa/202012-10.