CVE-2020-9746
Publication date 14 October 2020
Last updated 24 July 2024
Ubuntu priority
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| adobe-flashplugin | 20.04 LTS focal |
Fixed 1:20201013.1-0ubuntu0.20.04.1
|
| 18.04 LTS bionic |
Fixed 1:20201013.1-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 1:20201013.1-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| flashplugin-nonfree | 20.04 LTS focal |
Fixed 32.0.0.445ubuntu0.20.04.1
|
| 18.04 LTS bionic |
Fixed 32.0.0.445ubuntu0.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 32.0.0.445ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |