Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-26970
HistoryDec 09, 2020 - 12:00 a.m.

CVE-2020-26970

2020-12-0900:00:00
ubuntu.com
ubuntu.com
14
thunderbird
smtp
server
status codes
stack corruption
vulnerability
thunderbird 78.5.1
exploit
bugs
launchpad
unix

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.8%

When reading SMTP server status codes, Thunderbird writes an integer value
to a position on the stack that is intended to contain just one byte.
Depending on processor architecture and stack layout, this leads to stack
corruption that may be exploitable. This vulnerability affects Thunderbird
< 78.5.1.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchthunderbird< 1:78.8.1+build1-0ubuntu0.18.04.1UNKNOWN
ubuntu20.04noarchthunderbird< 1:78.7.1+build1-0ubuntu0.20.04.1UNKNOWN
ubuntu20.10noarchthunderbird< 1:78.6.1+build1-0ubuntu0.20.10.1UNKNOWN
ubuntu21.04noarchthunderbird< 1:78.5.1+build1-0ubuntu1UNKNOWN
ubuntu21.10noarchthunderbird< 1:78.5.1+build1-0ubuntu1UNKNOWN
ubuntu22.04noarchthunderbird< 1:78.5.1+build1-0ubuntu1UNKNOWN
ubuntu22.10noarchthunderbird< 1:78.5.1+build1-0ubuntu1UNKNOWN
ubuntu23.04noarchthunderbird< 1:78.5.1+build1-0ubuntu1UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.8%