Red Hat Enterprise Linux 6 Supplementary update for chromium-browser

Published: 2020-10-08

Security Advisory
1) Heap-based buffer overflow


Risk: High


CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-15960


CWE-ID: CWE-122 - Heap-based Buffer Overflow


Exploit availability: No


Description

The vulnerability allows a remote attacker to compromise a vulnerable system.


The vulnerability exists due to a boundary error when processing untrusted HTML content in storage. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.


Mitigation

Install updates from the vendor's website.


Vulnerable software versions

chromium-browser (Red Hat package): 80.0.3987.149-1.el6_10, 80.0.3987.162-1.el6_10, 81.0.4044.92-2.el6_10, 81.0.4044.113-1.el6_10, 81.0.4044.122-1.el6_10, 81.0.4044.129-1.el6_10, 81.0.4044.138-1.el6_10, 83.0.4103.106-1.el6_10, 83.0.4103.116-1.el6_10, 84.0.4147.105-2.el6_10, 84.0.4147.135-1.el6_10


Red Hat Enterprise Linux for Scientific Computing: 6


Red Hat Enterprise Linux Desktop: 6


Red Hat Enterprise Linux Workstation: 6


Red Hat Enterprise Linux Server: 6.0


External links

https://access.redhat.com/errata/RHSA-2020:4206


Q & A


Can this vulnerability be exploited remotely?


Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.


Is there known malware, which exploits this ..