Veracode Vulnerability DatabaseVERACODE:29607Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
chromium is vulnerable to denial of service. An out-of-bounds read in sctp_load_addresses_from_init in usrsctp allows an attacker to crash the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| chromium:3.11 | le | 79.0.3945.130-r0 | |
| chromium:3.11 | le | 79.0.3945.130-r0 |
References
lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
seclists.org/fulldisclosure/2020/May/49
seclists.org/fulldisclosure/2020/May/52
seclists.org/fulldisclosure/2020/May/55
seclists.org/fulldisclosure/2020/May/59
access.redhat.com/errata/RHSA-2020:0815
access.redhat.com/errata/RHSA-2020:0816
access.redhat.com/errata/RHSA-2020:0819
access.redhat.com/errata/RHSA-2020:0820
bugs.chromium.org/p/project-zero/issues/detail?id=1992
bugzilla.mozilla.org/show_bug.cgi?id=1613765
chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
crbug.com/1059349
github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
lists.debian.org/debian-lts-announce/2020/03/msg00013.html
lists.debian.org/debian-lts-announce/2020/03/msg00023.html
lists.fedoraproject.org/archives/list/[email protected]/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
lists.fedoraproject.org/archives/list/[email protected]/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
lists.fedoraproject.org/archives/list/[email protected]/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
security.gentoo.org/glsa/202003-02
security.gentoo.org/glsa/202003-10
support.apple.com/HT211168
support.apple.com/HT211171
support.apple.com/HT211175
support.apple.com/HT211177
support.apple.com/kb/HT211168
support.apple.com/kb/HT211171
support.apple.com/kb/HT211175
support.apple.com/kb/HT211177
usn.ubuntu.com/4299-1/
usn.ubuntu.com/4328-1/
usn.ubuntu.com/4335-1/
www.debian.org/security/2020/dsa-4639
www.debian.org/security/2020/dsa-4642
www.debian.org/security/2020/dsa-4645
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P