Candidate: CVE-2020-9746
PublicDate: 2020-10-14 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9746
 https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
Description:
 Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an
 exploitable NULL pointer dereference vulnerability that could result in a
 crash and arbitrary code execution. Exploitation of this issue requires an
 attacker to insert malicious strings in an HTTP response that is by default
 delivered over TLS/SSL.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chriscoulson
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_flashplugin-nonfree:
upstream_flashplugin-nonfree: needs-triage
precise/esm_flashplugin-nonfree: DNE
trusty_flashplugin-nonfree: ignored (out of standard support)
trusty/esm_flashplugin-nonfree: DNE
xenial_flashplugin-nonfree: released (32.0.0.445ubuntu0.16.04.1)
bionic_flashplugin-nonfree: released (32.0.0.445ubuntu0.18.04.1)
focal_flashplugin-nonfree: released (32.0.0.445ubuntu0.20.04.1)
devel_flashplugin-nonfree: DNE

Patches_adobe-flashplugin:
upstream_adobe-flashplugin: needs-triage
precise/esm_adobe-flashplugin: DNE
trusty_adobe-flashplugin: ignored (out of standard support)
trusty/esm_adobe-flashplugin: DNE
xenial_adobe-flashplugin: released (1:20201013.1-0ubuntu0.16.04.1)
bionic_adobe-flashplugin: released (1:20201013.1-0ubuntu0.18.04.1)
focal_adobe-flashplugin: released (1:20201013.1-0ubuntu0.20.04.1)
devel_adobe-flashplugin: released (1:20201013.1-0ubuntu1)