CVE-2020-9746

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
adobeCNA
7 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
adobeflash_player
𝑥
≤ 32.0.0.433
adobeflash_player
𝑥
< 32.0.0.433
adobeflash_player
𝑥
< 32.0.0.387
adobeflash_player
𝑥
< 32.0.0.387
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
focal
Fixed 1:20201013.1-0ubuntu0.20.04.1
released
bionic
Fixed 1:20201013.1-0ubuntu0.18.04.1
released
xenial
Fixed 1:20201013.1-0ubuntu0.16.04.1
released
trusty
dne
flashplugin-nonfree
focal
Fixed 32.0.0.445ubuntu0.20.04.1
released
bionic
Fixed 32.0.0.445ubuntu0.18.04.1
released
xenial
Fixed 32.0.0.445ubuntu0.16.04.1
released
trusty
dne
Common Weakness Enumeration
References
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html