CVE-2020-9951Use After Free in Apple Safari

CWE-416Use After Free10 documents8 sources
Severity
8.8HIGHNVD
EPSS
2.0%
top 16.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apple SafariApple IcloudApple Ipados+6 more
Timeline
PublishedOct 16
Latest updateMay 24

Description

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

CVEListV5apple/safariunspecifiedSafari 14.0
NVDapple/safari< 14.0
NVDapple/tvos< 14.0
NVDapple/icloud< 11.5
NVDapple/ipados< 14.0

Also affects: Debian Linux 10.0

🔴Vulnerability Details

3
GHSA
GHSA-mv2h-wfgr-5q32: A use after free issue was addressed with improved memory management2022-05-24
CVEList
CVE-2020-9951: A use after free issue was addressed with improved memory management2020-10-16
OSV
CVE-2020-9951: A use after free issue was addressed with improved memory management2020-10-16

📋Vendor Advisories

6
Ubuntu
WebKitGTK vulnerabilities2020-11-26
Red Hat
webkitgtk: use-after-free may lead to arbitrary code execution2020-11-23
Apple
CVE-2020-9951: tvOS 14.02020-09-16
Apple
CVE-2020-9951: iTunes 12.10.9 for Windows2020-09-16
Apple
CVE-2020-9951: watchOS 7.02020-09-16
CVE-2020-9951 — Use After Free in Apple Safari | cvebase