Multiple vulnerabilities in WebKitGTK and WPE WebKit
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 |
| CWE-ID | CWE-840 CWE-362 CWE-119 CWE-843 CWE-79 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
WebKitGTK+ Server applications / Frameworks for developing and running applications WPE WebKit Server applications / Frameworks for developing and running applications |
| Vendor | WebKitGTK |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Business Logic Errors
EUVDB-ID: #VU26432
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3885
CWE-ID:
CWE-840 - Business Logic Errors (3.0)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to logical errors. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and cause a file URL may be incorrectly processed.
MitigationInstall update from vendor's website.
WebKitGTK+: 2.0.0 - 2.27.91
WPE WebKit: 2.19.93 - 2.27.91
External linkshttp://webkitgtk.org/security/WSA-2020-0005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU26428
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-3894
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to a race condition. A remote atacker can trick a victim to open a specially crafted file or visit a malicioous page, exploit the race and gain unauthorized access to sensitive information on the target system.
MitigationInstall update from vendor's website.
WebKitGTK+: 2.0.0 - 2.27.91
WPE WebKit: 2.19.93 - 2.27.91
External linkshttp://webkitgtk.org/security/WSA-2020-0005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Buffer overflow
EUVDB-ID: #VU26426
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3895
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
WebKitGTK+: 2.0.0 - 2.27.91
WPE WebKit: 2.19.93 - 2.27.91
External linkshttp://webkitgtk.org/security/WSA-2020-0005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Type Confusion
EUVDB-ID: #VU26422
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3897
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the object transition cache. A remote attacker can trick a victim to visit a malicisou page or open a specially crafted file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
WebKitGTK+: 2.0.0 - 2.27.91
WPE WebKit: 2.19.93 - 2.27.91
External linkshttp://webkitgtk.org/security/WSA-2020-0005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU26427
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3900
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
WebKitGTK+: 2.0.0 - 2.27.91
WPE WebKit: 2.19.93 - 2.27.91
External linkshttp://webkitgtk.org/security/WSA-2020-0005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Type Confusion
EUVDB-ID: #VU26424
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3901
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
WebKitGTK+: 2.0.0 - 2.27.91
WPE WebKit: 2.19.93 - 2.27.91
External linkshttp://webkitgtk.org/security/WSA-2020-0005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Cross-site scripting
EUVDB-ID: #VU26431
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3902
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
WebKitGTK+: 2.0.0 - 2.27.91
WPE WebKit: 2.19.93 - 2.27.91
External linkshttp://webkitgtk.org/security/WSA-2020-0005.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
