PT-2024-11103 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is caused by a transport use-after-free problem in the Linux kernel's SCTP implementation. When processing a duplicate COOKIE-ECHO chunk in sctp sf do dupcook a, both...

The vulnerability affects the implementation of the COOKIE-ECHO extension for WebRTC browsers such as Google Chrome, Mozilla Firefox, Firefox ESR, and Firefox for Android. This vulnerability allows a perpetrator to cause a service failure or execute arbitrary code.

The vulnerability of the COOKIE-ECHO extension implementation in WebRTC browsers such as Google Chrome, Mozilla Firefox, Firefox ESR, and Firefox for Android is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure or...

CentOS 8 : thunderbird (CESA-2021:0089)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:0089 advisory. - Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk CVE-2020-16044 Note that Nessus has not tested for this issue but has instead...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

CentOS 7 : thunderbird (RHSA-2021:0087)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0087 advisory. - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

CentOS 7 : firefox (RHSA-2021:0053)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0053 advisory. - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

MGASA-2021-0027 Updated thunderbird packages fix a security vulnerability

Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. CVE-2020-16044 See upstream releasenotes for other changes...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:0072-1)

This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.6.1 ESR - Fixed: Critical security issue MFSA 2021-01 bsc1180623 - CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Note that Tenable Network Security has extracted...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2021:0053)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:0053-1 advisory. - Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk CVE-2020-16044 Note that Nessus has not tested for this issue but has...

Security Vulnerabilities fixed in Thunderbird 78.6.1 — Mozilla

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code...

Mozilla Firefox < 84.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 84.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-01 advisory. - A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a...