GHSA-m7mf-48hp-5qmr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m7mf-48hp-5qmr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/12/GHSA-m7mf-48hp-5qmr/GHSA-m7mf-48hp-5qmr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m7mf-48hp-5qmr
- Aliases
- Published
- 2020-12-02T18:28:47Z
- Modified
- 2024-02-16T08:24:30.978175Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Inappropriate implementation in V8
- Details
-
CVE-2020-16009: Inappropriate implementation in V8
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009
Google is aware of reports that exploits for CVE-2020-16009 exist in the wild.
Allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
There is currently little to no public information on the issue other than it has been flagged as
Highseverity. - References
-
- https://github.com/cefsharp/CefSharp/security/advisories/GHSA-m7mf-48hp-5qmr
- https://nvd.nist.gov/vuln/detail/CVE-2020-16009
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
- https://crbug.com/1143772
- https://github.com/cefsharp/CefSharp
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M
- https://security.gentoo.org/glsa/202011-12
- https://www.debian.org/security/2021/dsa-4824
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html
- http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html
Affected packages
NuGet / CefSharp.Common
Package
- Name
- CefSharp.Common
- View open source insights on deps.dev
- Purl
- pkg:nuget/CefSharp.Common
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed86.0.241
Affected versions
31.*
31.0.0-pre1
33.*
33.0.0
33.0.2
33.1.0-pre01
37.*
37.0.0-pre01
37.0.0-pre02
37.0.0
37.0.1
37.0.2
37.0.3
39.*
39.0.0-pre01
39.0.0-pre02
39.0.0-pre03
39.0.0
39.0.1
39.0.2
41.*
41.0.0-pre01
41.0.0
41.0.1
43.*
43.0.0-pre01
43.0.0-pre02
43.0.0
43.0.1
45.*
45.0.0-pre01
45.0.0
47.*
47.0.0-pre01
47.0.0
47.0.1
47.0.2
47.0.3
47.0.4
49.*
49.0.0-pre01
49.0.0-pre02
49.0.0
49.0.1
51.*
51.0.0-pre01
51.0.0-pre02
51.0.0
53.*
53.0.0-pre01
53.0.0
53.0.1
55.*
55.0.0-pre01
55.0.0
57.*
57.0.0-pre01
57.0.0
62.*
62.0.0-pre01
62.0.0-proprietary-codecs
62.0.0-proprietary-codecs2
63.*
63.0.0-pre01
63.0.0-pre02
63.0.0-pre03
63.0.0
63.0.1
63.0.2
63.0.3
65.*
65.0.0-pre01
65.0.0-pre02
65.0.0
65.0.1
67.*
67.0.0-pre01
67.0.0
69.*
69.0.0-pre01
69.0.0
71.*
71.0.0-pre01
71.0.0
71.0.1
71.0.2
73.*
73.1.120-pre01
73.1.130
75.*
75.1.140-pre01
75.1.141
75.1.142
75.1.143
79.*
79.1.310-pre
79.1.350
79.1.360
81.*
81.3.20-pre
81.3.100
83.*
83.3.120-pre
83.4.20
84.*
84.3.10-pre
84.4.10
85.*
85.3.120-pre
85.3.121-pre
85.3.121
85.3.130
86.*
86.0.240-pre
NuGet / CefSharp.Wpf
Package
- Name
- CefSharp.Wpf
- View open source insights on deps.dev
- Purl
- pkg:nuget/CefSharp.Wpf
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed86.0.241
Affected versions
1.*
1.25.2-perlun0
1.25.3
1.25.4
1.25.5
1.25.6
1.25.7
1.25.8
3.*
3.29.0-pre0
31.*
31.0.0-pre1
33.*
33.0.0
33.0.2
33.1.0-pre01
37.*
37.0.0-pre01
37.0.0-pre02
37.0.0
37.0.1
37.0.3
39.*
39.0.0-pre01
39.0.0-pre02
39.0.0-pre03
39.0.0
39.0.1
39.0.2
41.*
41.0.0-pre01
41.0.0
41.0.1
43.*
43.0.0-pre01
43.0.0-pre02
43.0.0
43.0.1
45.*
45.0.0-pre01
45.0.0
47.*
47.0.0-pre01
47.0.0
47.0.1
47.0.2
47.0.3
47.0.4
49.*
49.0.0-pre01
49.0.0-pre02
49.0.0
49.0.1
51.*
51.0.0-pre01
51.0.0-pre02
51.0.0
53.*
53.0.0-pre01
53.0.0
53.0.1
55.*
55.0.0-pre01
55.0.0
57.*
57.0.0-pre01
57.0.0
62.*
62.0.0-pre01
62.0.0-proprietary-codecs
62.0.0-proprietary-codecs2
63.*
63.0.0-pre01
63.0.0-pre02
63.0.0-pre03
63.0.0
63.0.1
63.0.2
63.0.3
65.*
65.0.0-pre01
65.0.0-pre02
65.0.0
65.0.1
67.*
67.0.0-pre01
67.0.0
69.*
69.0.0-pre01
69.0.0
71.*
71.0.0-pre01
71.0.0
71.0.1
71.0.2
73.*
73.1.120-pre01
73.1.130
75.*
75.1.140-pre01
75.1.141
75.1.142
75.1.143
79.*
79.1.310-pre
79.1.350
79.1.360
81.*
81.3.20-pre
81.3.100
83.*
83.3.120-pre
83.4.20
84.*
84.3.10-pre
84.4.10
85.*
85.3.120-pre
85.3.121-pre
85.3.121
85.3.130
86.*
86.0.240-pre
NuGet / CefSharp.WinForms
Package
- Name
- CefSharp.WinForms
- View open source insights on deps.dev
- Purl
- pkg:nuget/CefSharp.WinForms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed86.0.241
Affected versions
1.*
1.25.3
33.*
33.0.0
33.0.2
33.1.0-pre01
37.*
37.0.0-pre01
37.0.0-pre02
37.0.0
37.0.1
37.0.3
39.*
39.0.0-pre01
39.0.0-pre02
39.0.0-pre03
39.0.0
39.0.1
39.0.2
41.*
41.0.0-pre01
41.0.0
41.0.1
43.*
43.0.0-pre01
43.0.0-pre02
43.0.0
43.0.1
45.*
45.0.0-pre01
45.0.0
47.*
47.0.0-pre01
47.0.0
47.0.1
47.0.2
47.0.3
47.0.4
49.*
49.0.0-pre01
49.0.0-pre02
49.0.0
49.0.1
51.*
51.0.0-pre01
51.0.0-pre02
51.0.0
53.*
53.0.0-pre01
53.0.0
53.0.1
55.*
55.0.0-pre01
55.0.0
57.*
57.0.0-pre01
57.0.0
62.*
62.0.0-pre01
62.0.0-proprietary-codecs
62.0.0-proprietary-codecs2
63.*
63.0.0-pre01
63.0.0-pre02
63.0.0-pre03
63.0.0
63.0.1
63.0.2
63.0.3
65.*
65.0.0-pre01
65.0.0-pre02
65.0.0
65.0.1
67.*
67.0.0-pre01
67.0.0
69.*
69.0.0-pre01
69.0.0
71.*
71.0.0-pre01
71.0.0
71.0.1
71.0.2
73.*
73.1.120-pre01
73.1.130
75.*
75.1.140-pre01
75.1.141
75.1.142
75.1.143
79.*
79.1.310-pre
79.1.350
79.1.360
81.*
81.3.20-pre
81.3.100
83.*
83.3.120-pre
83.4.20
84.*
84.3.10-pre
84.4.10
85.*
85.3.120-pre
85.3.121-pre
85.3.121
85.3.130
86.*
86.0.240-pre
NuGet / CefSharp.Wpf.HwndHost
Package
- Name
- CefSharp.Wpf.HwndHost
- View open source insights on deps.dev
- Purl
- pkg:nuget/CefSharp.Wpf.HwndHost