CVE-2020-9746
Publication date 14 October 2020
Last updated 25 August 2025
Ubuntu priority
Description
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| adobe-flashplugin | 20.04 LTS focal | Not in release |
| 18.04 LTS bionic |
Fixed 1:20201013.1-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 1:20201013.1-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| flashplugin-nonfree | 20.04 LTS focal |
Fixed 32.0.0.445ubuntu0.20.04.1
|
| 18.04 LTS bionic |
Fixed 32.0.0.445ubuntu0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 32.0.0.445ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |