CVE-2020-6514: Infoleak
First published: Wed Jul 15 2020(Updated: )
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Credit: natashenka Google Project Zeronatashenka Google Project Zeronatashenka Google Project Zeronatashenka Google Project Zero chrome-cve-admin@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <68.11 | 68.11 |
| Apple Safari | <13.1.2 | 13.1.2 |
| Google Chrome | <84.0.4147.89 | |
| openSUSE Backports SLE | =15.0-sp1 | |
| openSUSE Backports SLE | =15.0-sp2 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Apple Safari | <13.1.2 | |
| Apple iPadOS | <13.6 | |
| Apple iPhone OS | <13.6 | |
| Apple tvOS | <13.4.8 | |
| Apple watchOS | <6.2.8 | |
| Apple watchOS | <6.2.8 | 6.2.8 |
| Apple tvOS | <13.4.8 | 13.4.8 |
| Mozilla Firefox ESR | <78.1 | 78.1 |
| Mozilla Thunderbird | <78.1 | 78.1 |
| Mozilla Thunderbird | <68.11 | 68.11 |
| Mozilla Firefox | <79 | 79 |
| Apple iOS | <13.6 | 13.6 |
| Apple iPadOS | <13.6 | 13.6 |
| debian/chromium | 120.0.6099.224-1~deb11u1 128.0.6613.84-1~deb12u1 130.0.6723.69-1~deb12u1 129.0.6668.89-1 130.0.6723.69-1 | |
| debian/firefox | 132.0-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.4.0esr-1~deb11u1 115.14.0esr-1~deb12u1 128.4.0esr-1~deb12u1 128.3.1esr-2 128.4.0esr-1 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.16.0esr-1~deb11u1 1:115.12.0-1~deb12u1 1:115.16.0esr-1~deb12u1 1:128.3.2esr-1 1:128.4.0esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1642792
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/
- https://support.apple.com/en-us/HT211292 (Advisory)
- https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
- https://crbug.com/1076703
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html
- https://security.gentoo.org/glsa/202007-08
- https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html
- https://www.debian.org/security/2020/dsa-4736
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/
- https://security.gentoo.org/glsa/202007-64
- http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/
- https://www.debian.org/security/2020/dsa-4740
- https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
- https://usn.ubuntu.com/4443-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211290
- https://support.apple.com/kb/HT211291
- https://support.apple.com/kb/HT211292
- https://www.debian.org/security/2021/dsa-4824
- https://security.gentoo.org/glsa/202101-30
- https://launchpad.net/bugs/cve/CVE-2020-6514
- https://support.apple.com/en-us/HT211291 (Advisory)
- https://support.apple.com/en-us/HT211290 (Advisory)
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6514
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
- https://support.apple.com/en-us/HT211288 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6514
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6514
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6514
- https://security-tracker.debian.org/tracker/CVE-2020-6514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514
- https://nvd.nist.gov/vuln/detail/CVE-2020-6514
- https://ubuntu.com/security/CVE-2020-6514
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-15652
- CVE-2020-6514
- CVE-2020-6463
- CVE-2020-15650
- CVE-2020-15649
- CVE-2020-15659
- CVE-2020-9942
- CVE-2020-9912
- CVE-2020-9903
- CVE-2020-9911
- CVE-2020-9894
- CVE-2020-9915
- CVE-2020-9925
- CVE-2020-9893
- CVE-2020-9895
- CVE-2020-9910
- CVE-2020-9916
- CVE-2020-9862
- CVE-2020-9884
- CVE-2020-9889
- CVE-2020-9888
- CVE-2020-9890
- CVE-2020-9891
- CVE-2020-9883
- CVE-2020-9865
- CVE-2020-9900
- CVE-2020-9980
- CVE-2020-9933
- CVE-2020-27933
- CVE-2020-11758
- CVE-2020-11759
- CVE-2020-11760
- CVE-2020-11761
- CVE-2020-11762
- CVE-2020-11763
- CVE-2020-11764
- CVE-2020-11765
- CVE-2020-9871
- CVE-2020-9872
- CVE-2020-9874
- CVE-2020-9879
- CVE-2020-9936
- CVE-2020-9937
- CVE-2020-9919
- CVE-2020-9876
- CVE-2020-9873
- CVE-2020-9938
- CVE-2020-9984
- CVE-2020-9877
- CVE-2020-9875
- CVE-2020-9923
- CVE-2020-9909
- CVE-2020-9904
- CVE-2020-9863
- CVE-2020-9892
- CVE-2020-9902
- CVE-2020-9997
- CVE-2020-9926
- CVE-2020-9920
- CVE-2020-9885
- CVE-2020-9880
- CVE-2020-9878
- CVE-2020-9881
- CVE-2020-9882
- CVE-2020-9985
- CVE-2020-9868
- CVE-2020-9918
- CVE-2020-9906
- CVE-2020-9907
- CVE-2020-9914
- CVE-2019-14899
- CVE-2020-9905
- CVE-2020-9940
- CVE-2020-9901
- CVE-2020-15655
- CVE-2020-15653
- CVE-2020-15656
- CVE-2020-15658
- CVE-2020-15657
- CVE-2020-15654
- CVE-2020-9931
- CVE-2020-9934
- CVE-2019-19906
- CVE-2020-9898
- CVE-2020-9917
Frequently Asked Questions
What is CVE-2020-6514?
CVE-2020-6514 is a memory corruption issue in WebRTC that allows bypassing ASLR.
What software is affected by CVE-2020-6514?
The affected software includes Mozilla Firefox ESR (version up to 68.11), Apple iOS (version up to 13.6), Apple iPadOS (version up to 13.6), Apple Safari (version up to 13.1.2), Apple watchOS (version up to 6.2.8), Apple tvOS (version up to 13.4.8), Mozilla Thunderbird (version up to 78.1), Mozilla Firefox (version up to 79).
What is the severity of CVE-2020-6514?
CVE-2020-6514 has a severity rating of high, with a severity score of 7.
How can I fix the vulnerability CVE-2020-6514?
To fix CVE-2020-6514, you should update your software to the latest available version provided by the vendor.
Where can I find more information about CVE-2020-6514?
You can find more information about CVE-2020-6514 in the following references: [1] [2] [3].
- collector/mozilla-advisory
- collector/apple-support
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/weakness
- source/Mozilla
- agent/software-canonical-lookup
- agent/description
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/mozilla
- canonical/mozilla firefox esr
- vendor/apple
- canonical/apple safari
- vendor/google
- canonical/google chrome
- vendor/opensuse
- canonical/opensuse backports sle
- version/opensuse backports sle/15.0-sp1
- version/opensuse backports sle/15.0-sp2
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple tvos
- canonical/apple watchos
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- canonical/apple ios
- package-manager/debian