CVE-2020-11793
moderate-risk
Published 2020-04-17
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
Do I need to act?
-
0.82% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (8)
Affected Vendors
References (16)
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html
Third Party Advisory
https://usn.ubuntu.com/4331-1/
Vendor Advisory
https://webkitgtk.org/security/WSA-2020-0004.html
Vendor Advisory
https://wpewebkit.org/security/WSA-2020-0004.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html
Third Party Advisory
https://usn.ubuntu.com/4331-1/
Vendor Advisory
https://webkitgtk.org/security/WSA-2020-0004.html
Vendor Advisory
https://wpewebkit.org/security/WSA-2020-0004.html
47
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
3/34 · Minimal
Exposure
14/34 · Moderate