CVE-2020-9948
Published: 2020-10-16
high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | < 14.0 | 14.0 |
| apple | safari | >= unspecified < Safari 14.0 | Safari 14.0 |
| debian | debian_linux | — | — |
| debian | webkit2gtk | < webkit2gtk 2.30.1-1 (bookworm) | webkit2gtk 2.30.1-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.30.1-1 (bookworm) | webkit2gtk 2.30.1-1 (bookworm) |
| webkit | webkitgtk | <= 2.30.3 | — |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 8.8 · HIGH
GHSA
GHSA-f937-gh67-6x56: A type confusion issue was addressed with improved memory handling
ghsa_unreviewed·2022-05-24
CVE-2020-9948 [HIGH] CWE-843 GHSA-f937-gh67-6x56: A type confusion issue was addressed with improved memory handling
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
OSV
CVE-2020-9948: A type confusion issue was addressed with improved memory handling
osv·2020-10-16·CVSS 8.8
CVE-2020-9948 [HIGH] CVE-2020-9948: A type confusion issue was addressed with improved memory handling
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2020-11-26
CVE-2020-13753 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: type confusion may lead to arbitrary code execution
vendor_redhat·2020-11-23·CVSS 8.8
CVE-2020-9948 [HIGH] CWE-843 webkitgtk: type confusion may lead to arbitrary code execution
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Debian
CVE-2020-9948: webkit2gtk - A type confusion issue was addressed with improved memory handling. This issue i...
vendor_debian·2020·CVSS 8.8
CVE-2020-9948 [HIGH] CVE-2020-9948: webkit2gtk - A type confusion issue was addressed with improved memory handling. This issue i...
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.30.1-1)
bullseye: resolved (fixed in 2.30.1-1)
forky: resolved (fixed in 2.30.1-1)
sid: resolved (fixed in 2.30.1-1)
trixie: resolved (fixed in 2.30.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2020/Nov/18
http://www.openwall.com/lists/oss-security/2020/11/23/3
https://security.gentoo.org/glsa/202012-10
https://support.apple.com/HT211845
https://www.debian.org/security/2020/dsa-4797
Published: 2020-10-16