The Mozilla Foundation Security Advisory describes this flaw as: The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.

References

bugzilla.redhat.com/show_bug.cgi?id=1812203

nvd.nist.gov/vuln/detail/CVE-2019-20503

www.cve.org/CVERecord?id=CVE-2019-20503

www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503

osv 7

debian 7

nessus 62

cbl_mariner 2

cve 1

veracode 2

alpinelinux 1

ubuntucve 1

prion 1

debiancve 1

suse 4

oraclelinux 6

openvas 28

centos 4

mageia 3

redhat 9

kaspersky 5

archlinux 3

amazon 1

mozilla 3

altlinux 2

slackware 2

fedora 3

chrome 1

apple 8

ubuntu 3

gentoo 2

mscve 1

osv

CVE-2019-20503

2020-03-06 20:15:12

libusrsctp - security update

2023-07-06 00:00:00

firefox-esr - security update

2020-03-11 00:00:00

debian

[SECURITY] [DLA 3481-1] libusrsctp security update

2023-07-06 22:25:50

[SECURITY] [DLA 2150-1] thunderbird security update

2020-03-20 10:00:10

[SECURITY] [DSA 4639-1] firefox-esr security update

2020-03-11 19:17:38

nessus

Debian DLA-3481-1 : libusrsctp - LTS security update

2023-07-18 00:00:00

openSUSE Security Update : MozillaFirefox (openSUSE-2020-340)

2020-03-16 00:00:00

RHEL 8 : firefox (RHSA-2020:0820)

2020-03-18 00:00:00

cbl_mariner

CVE-2019-20503 affecting package usrsctp 0.9.5.0-1

2022-06-26 03:29:33

CVE-2019-20503 affecting package usrsctp 0.9.5.0-1

2024-03-19 17:21:46

cve

CVE-2019-20503

2020-03-06 20:15:00

veracode

Denial Of Service (DoS)

2021-03-09 04:21:44

Denial Of Service (DoS)

2020-08-06 21:30:22

alpinelinux

CVE-2019-20503

2020-03-06 20:15:00

ubuntucve

CVE-2019-20503

2020-03-06 00:00:00

prion

Out-of-bounds

2020-03-06 20:15:00

debiancve

CVE-2019-20503

2020-03-06 20:15:00

suse

Security update for MozillaThunderbird (important)

2020-03-22 00:00:00

Security update for MozillaFirefox (important)

2020-03-14 00:00:00

Security update for chromium (important)

2020-03-27 00:00:00

oraclelinux

thunderbird security update

2020-03-23 00:00:00

firefox security update

2020-03-17 00:00:00

thunderbird security update

2020-07-07 00:00:00

openvas

Debian LTS: Security Advisory for firefox-esr (DLA-2140-1)

2020-03-18 00:00:00

Debian: Security Advisory for firefox-esr (DSA-4639-1)

2020-03-18 00:00:00

CentOS: Security Advisory for firefox (CESA-2020:0815)

2020-03-26 00:00:00

centos

firefox security update

2020-03-25 19:17:41

thunderbird security update

2020-03-25 19:17:21

thunderbird security update

2020-03-25 19:18:41

mageia

Updated thunderbird packages fix security vulnerabilities

2020-03-14 11:35:35

Updated firefox packages fix security vulnerabilities

2020-03-14 11:35:35

Updated chromium-browser-stable packages fix security vulnerability

2020-04-01 04:56:57

redhat

(RHSA-2020:0918) Important: thunderbird security update

2020-03-23 07:49:11

(RHSA-2020:0914) Important: thunderbird security update

2020-03-23 07:29:42

(RHSA-2020:0816) Important: firefox security update

2020-03-16 08:03:23

kaspersky

KLA11701 Multiple vulnerabilities in Mozilla Thunderbird

2020-03-10 00:00:00

KLA11688 Multiple vulnerabilities in Mozilla Firefox ESR

2020-03-10 00:00:00

KLA11724 Multiple vulnerabilities in Opera

2020-03-27 00:00:00

archlinux

[ASA-202003-11] thunderbird: multiple issues

2020-03-16 00:00:00

[ASA-202003-12] chromium: multiple issues

2020-03-19 00:00:00

[ASA-202003-8] firefox: multiple issues

2020-03-11 00:00:00

amazon

Important: thunderbird

2020-04-20 20:48:00

mozilla

Security Vulnerabilities fixed in Thunderbird 68.6 — Mozilla

2020-03-10 00:00:00

Security Vulnerabilities fixed in Firefox ESR 68.6 — Mozilla

2020-03-10 00:00:00

Security Vulnerabilities fixed in Firefox 74 — Mozilla

2020-03-10 00:00:00

altlinux

Security fix for the ALT Linux 10 package thunderbird version 68.6.0-alt1

2020-03-14 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 68.6.0-alt1

2020-03-10 00:00:00

slackware

[slackware-security] mozilla-thunderbird

2020-03-13 21:47:41

[slackware-security] mozilla-firefox

2020-03-10 20:37:32

fedora

[SECURITY] Fedora 32 Update: chromium-80.0.3987.149-1.fc32

2020-03-27 08:04:11

[SECURITY] Fedora 31 Update: chromium-80.0.3987.149-1.fc31

2020-03-24 01:49:34

[SECURITY] Fedora 30 Update: chromium-80.0.3987.149-1.fc30

2020-03-27 10:46:23

chrome

Stable Channel Update for Desktop

2020-03-18 00:00:00

apple

About the security content of Safari 13.1.1 - Apple Support

2020-05-27 12:42:27

About the security content of Safari 13.1.1

2020-05-26 00:00:00

About the security content of tvOS 13.4.5 - Apple Support

2020-09-21 04:33:14

ubuntu

Firefox vulnerabilities

2020-03-11 00:00:00

Thunderbird vulnerabilities

2020-04-13 00:00:00

Thunderbird vulnerabilities

2020-04-21 00:00:00

gentoo

Mozilla Firefox: Multiple vulnerabilities

2020-03-12 00:00:00

Mozilla Thunderbird: Multiple vulnerabilities

2020-03-14 00:00:00

mscve

Chromium Security Updates for Microsoft Edge (Chromium-Based)

2020-01-28 08:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for RH:CVE-2019-20503