Vulnerability-Lookup

CVE-2020-16044 (GCVE-0-2020-16044)

Vulnerability from cvelistv5 – Published: 2021-02-09 13:55 – Updated: 2024-08-04 13:37

Summary

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Severity ?

No CVSS data available.

CWE

Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://crbug.com/1163228	x_refsource_MISC
https://chromereleases.googleblog.com/2021/01/sta…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: unspecified , < 88.0.4324.96 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:53.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1163228"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "88.0.4324.96",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-09T13:55:54.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1163228"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2020-16044",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "88.0.4324.96"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use after free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/1163228",
              "refsource": "MISC",
              "url": "https://crbug.com/1163228"
            },
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2020-16044",
    "datePublished": "2021-02-09T13:55:54.000Z",
    "dateReserved": "2020-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:37:53.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-16044",
      "date": "2026-05-19",
      "epss": "0.00379",
      "percentile": "0.59575"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"88.0.4324.96\", \"matchCriteriaId\": \"565ED6B8-8F41-4E79-A280-33CB321E607F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.\"}, {\"lang\": \"es\", \"value\": \"Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 88.0.4324.96, permit\\u00eda a un atacante remoto explotar potencialmente una corrupci\\u00f3n de la memoria por medio de un paquete SCTP dise\\u00f1ado\"}]",
      "id": "CVE-2020-16044",
      "lastModified": "2024-11-21T05:06:44.207",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-02-09T14:15:14.450",
      "references": "[{\"url\": \"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1163228\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1163228\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-16044\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2021-02-09T14:15:14.450\",\"lastModified\":\"2024-11-21T05:06:44.207\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.\"},{\"lang\":\"es\",\"value\":\"Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 88.0.4324.96, permit\u00eda a un atacante remoto explotar potencialmente una corrupci\u00f3n de la memoria por medio de un paquete SCTP dise\u00f1ado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"88.0.4324.96\",\"matchCriteriaId\":\"565ED6B8-8F41-4E79-A280-33CB321E607F\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1163228\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1163228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-007

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Mozilla Firefox. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla Foundation mfsa2021-01 du 06 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-007",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mozilla Firefox. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla Foundation mfsa2021-01 du 06 janvier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/"
    }
  ]
}

CERTFR-2021-AVI-016

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Mozilla Thunderbird. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 78.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2021-02 du 11 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 78.6.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-016",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mozilla Thunderbird. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-02 du 11 janvier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/"
    }
  ]
}

CERTFR-2021-AVI-048

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 19 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21138"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21117"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-048",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 19 janvier 2021",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    }
  ]
}

CERTFR-2021-AVI-103

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21148"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21147"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21143"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21142"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-24113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24113"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21145"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-24100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24100"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21144"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21146"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 f\u00e9vrier 2021",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2021-AVI-007

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Mozilla Firefox. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla Foundation mfsa2021-01 du 06 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-007",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mozilla Firefox. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla Foundation mfsa2021-01 du 06 janvier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/"
    }
  ]
}

CERTFR-2021-AVI-016

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Mozilla Thunderbird. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 78.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2021-02 du 11 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 78.6.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-016",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mozilla Thunderbird. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-02 du 11 janvier 2021",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/"
    }
  ]
}

CERTFR-2021-AVI-048

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 19 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21138"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21117"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-048",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 19 janvier 2021",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    }
  ]
}

CERTFR-2021-AVI-103

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21148"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21147"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21143"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21142"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-24113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24113"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21145"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-24100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24100"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21144"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21146"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 f\u00e9vrier 2021",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CNVD-2021-03554

Vulnerability from cnvd - Published: 2021-01-17

Title

Mozilla Firefox拒绝服务漏洞（CNVD-2021-03554）

Description

Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。 Mozilla Firefox存在拒绝服务漏洞，该漏洞源于网络系统或产品未对输入的数据进行正确的验证，攻击者可利用该漏洞导致拒绝服务条件，拒绝向合法用户提供服务。

Severity

高

Patch Name

Mozilla Firefox拒绝服务漏洞（CNVD-2021-03554）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044

Reference

https://www.debian.org/security/2021/dsa-4827; https://security-tracker.debian.org/tracker/CVE-2020-16044

Impacted products

Name
Mozilla Firefox

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-16044",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-16044"
    }
  },
  "description": "Mozilla Firefox\u548cMozilla Firefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\n\nMozilla Firefox\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u62d2\u7edd\u5411\u5408\u6cd5\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-03554",
  "openTime": "2021-01-17",
  "patchDescription": "Mozilla Firefox\u548cMozilla Firefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u62d2\u7edd\u5411\u5408\u6cd5\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-03554\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Firefox"
  },
  "referenceLink": "https://www.debian.org/security/2021/dsa-4827; https://security-tracker.debian.org/tracker/CVE-2020-16044",
  "serverity": "\u9ad8",
  "submitTime": "2021-01-14",
  "title": "Mozilla Firefox\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-03554\uff09"
}

FKIE_CVE-2020-16044

Vulnerability from fkie_nvd - Published: 2021-02-09 14:15 - Updated: 2024-11-21 05:06

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://crbug.com/1163228	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://crbug.com/1163228	Permissions Required, Third Party Advisory

Impacted products

	Vendor	Product	Version
	google	chrome	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "565ED6B8-8F41-4E79-A280-33CB321E607F",
              "versionEndExcluding": "88.0.4324.96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
    },
    {
      "lang": "es",
      "value": "Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 88.0.4324.96, permit\u00eda a un atacante remoto explotar potencialmente una corrupci\u00f3n de la memoria por medio de un paquete SCTP dise\u00f1ado"
    }
  ],
  "id": "CVE-2020-16044",
  "lastModified": "2024-11-21T05:06:44.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-09T14:15:14.450",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1163228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1163228"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-16044 (GCVE-0-2020-16044)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature