CVE-2020-9948

A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
References
Link Resource
http://seclists.org/fulldisclosure/2020/Nov/18 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/23/3 Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202012-10 Third Party Advisory
https://support.apple.com/HT211845 Release Notes Vendor Advisory
https://www.debian.org/security/2020/dsa-4797 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:webkit:webkitgtk\+:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

23 Jul 2022, 10:06

Type Values Removed Values Added
First Time Debian debian Linux
Debian
Webkit
Webkit webkitgtk\+
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:webkit:webkitgtk\+:*:*:*:*:*:*:*:*
References (MLIST) http://www.openwall.com/lists/oss-security/2020/11/23/3 - (MLIST) http://www.openwall.com/lists/oss-security/2020/11/23/3 - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4797 - (DEBIAN) https://www.debian.org/security/2020/dsa-4797 - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2020/Nov/18 - (FULLDISC) http://seclists.org/fulldisclosure/2020/Nov/18 - Mailing List, Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202012-10 - (GENTOO) https://security.gentoo.org/glsa/202012-10 - Third Party Advisory

Information

Published : 2020-10-16 17:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-9948

Mitre link : CVE-2020-9948

CVE.ORG link : CVE-2020-9948


JSON object : View

Products Affected

webkit

  • webkitgtk\+

debian

  • debian_linux

apple

  • safari
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')