4.3
CVSSv2

CVE-2019-20503

Published: 06/03/2020 Updated: 12/03/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

usrsctp prior to 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

Vulnerability Trend

Affected Products

Vendor Product Versions
Usrsctp ProjectUsrsctp0.9.3.0

Vendor Advisories

Debian Bug report logs - #953270 libusrsctp: CVE-2019-20503 Package: src:libusrsctp; Maintainer for src:libusrsctp is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 6 Mar 2020 20:48:02 UTC Severity: grave Tags: security, upstream Fou ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: chromium-browser security update Type/Severity Security Advisory: Important Topic An update for chromium-browser is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
An out-of-bounds read has been found in Firefox before 74 The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code For the oldstable distribution (stretch), these problems have been fixed in version 6860esr-1~deb9u1 For the stable distribution (buster), these problems have been fixed in version 6860esr-1~deb10u1 W ...
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code For the oldstable distribution (stretch), these problems have been fixed in version 1:6860-1~deb9u1 For the stable distribution (buster), these problems have been fixed in version 1:6860-1~deb10u1 We recommend that you up ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Several vulnerabilities have been discovered in the chromium web browser CVE-2019-20503 Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library CVE-2020-6422 David Manouchehri discovered a use-after-free issue in the WebGL implementation CVE-2020-6424 Sergei Glazunov discovered a use-after-free issue ...
Arch Linux Security Advisory ASA-202003-11 ========================================== Severity: Critical Date : 2020-03-16 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Package : thunderbird Type : multiple issues Remote : Yes Link : securityarchlinuxorg/ ...
Arch Linux Security Advisory ASA-202003-12 ========================================== Severity: High Date : 2020-03-19 CVE-ID : CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449 Package : chromium Type : multiple issues Remote : Yes Link : ...
Arch Linux Security Advisory ASA-202003-8 ========================================= Severity: Critical Date : 2020-03-11 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6808 CVE-2020-6809 CVE-2020-6810 CVE-2020-6811 CVE-2020-6812 CVE-2020-6813 CVE-2020-6814 CVE-2020-6815 Package : firefox Type ...
The stable channel has been updated to 8003987149 for Windows, Mac, and Linux, which will roll out over the coming days/weeks A list of all changes is available in the log Interested in switching release channels? Find out how If you find a new issue, please let us know by filing a bug The community help forum is also a great place to ...