CVE-2020-6514 - OpenCVE

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Watchos Tvos Safari Ipados
Google	Chrome
Opensuse	Leap Backports Sle
Canonical	Ubuntu Linux
Fedoraproject	Fedora
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:a:opensuse:backports_sle:15.0:sp2::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

Configuration 6 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html	Exploit Third Party Advisory VDB Entry
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html	Release Notes Vendor Advisory
https://crbug.com/1076703	Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/
https://security.gentoo.org/glsa/202007-08	Third Party Advisory
https://security.gentoo.org/glsa/202007-64	Third Party Advisory
https://security.gentoo.org/glsa/202101-30	Third Party Advisory
https://support.apple.com/kb/HT211288	Third Party Advisory
https://support.apple.com/kb/HT211290	Third Party Advisory
https://support.apple.com/kb/HT211291	Third Party Advisory
https://support.apple.com/kb/HT211292	Third Party Advisory
https://usn.ubuntu.com/4443-1/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4736	Third Party Advisory
https://www.debian.org/security/2020/dsa-4740	Third Party Advisory
https://www.debian.org/security/2021/dsa-4824	Third Party Advisory