usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
http://seclists.org/fulldisclosure/2020/May/49
http://seclists.org/fulldisclosure/2020/May/52
http://seclists.org/fulldisclosure/2020/May/55
http://seclists.org/fulldisclosure/2020/May/59
https://access.redhat.com/errata/RHSA-2020:0815
https://access.redhat.com/errata/RHSA-2020:0816
https://access.redhat.com/errata/RHSA-2020:0819
https://access.redhat.com/errata/RHSA-2020:0820
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html
https://security.gentoo.org/glsa/202003-02
https://security.gentoo.org/glsa/202003-10
https://support.apple.com/HT211168
https://support.apple.com/HT211171
https://support.apple.com/HT211175
https://support.apple.com/HT211177
https://support.apple.com/kb/HT211168
https://support.apple.com/kb/HT211171
https://support.apple.com/kb/HT211175
https://support.apple.com/kb/HT211177
https://usn.ubuntu.com/4299-1/
https://usn.ubuntu.com/4328-1/
https://usn.ubuntu.com/4335-1/
https://www.debian.org/security/2020/dsa-4639
Source: MITRE
Published: 2020-03-06
Updated: 2020-06-11
Type: CWE-125
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.1
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
ID | Name | Product | Family | Severity |
---|---|---|---|---|
147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
145948 | CentOS 8 : thunderbird (CESA-2020:0919) | Nessus | CentOS Local Security Checks | high |
145866 | CentOS 8 : firefox (CESA-2020:0820) | Nessus | CentOS Local Security Checks | high |
143979 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093) | Nessus | NewStart CGSL Local Security Checks | critical |
143948 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097) | Nessus | NewStart CGSL Local Security Checks | critical |
141402 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0042) | Nessus | NewStart CGSL Local Security Checks | high |
140292 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0039) | Nessus | NewStart CGSL Local Security Checks | high |
140291 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046) | Nessus | NewStart CGSL Local Security Checks | high |
140283 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047) | Nessus | NewStart CGSL Local Security Checks | high |
138215 | Microsoft Edge (Chromium) < 80.0.361.69 Multiple Vulnerabilities | Nessus | Windows | high |
136920 | Apple iOS < 13.5 Multiple Vulnerabilities | Nessus | Mobile Devices | high |
135932 | Amazon Linux 2 : thunderbird (ALAS-2020-1414) | Nessus | Amazon Linux Local Security Checks | high |
135896 | Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1) | Nessus | Ubuntu Local Security Checks | high |
135455 | Ubuntu 18.04 LTS / 19.10 : Thunderbird vulnerabilities (USN-4328-1) | Nessus | Ubuntu Local Security Checks | high |
135086 | RHEL 6 : chromium-browser (RHSA-2020:1270) | Nessus | Red Hat Local Security Checks | high |
134990 | Fedora 30 : chromium (2020-39e0b8bd14) | Nessus | Fedora Local Security Checks | high |
134914 | CentOS 6 : thunderbird (CESA-2020:0914) | Nessus | CentOS Local Security Checks | high |
134911 | CentOS 7 : thunderbird (CESA-2020:0905) | Nessus | CentOS Local Security Checks | high |
134901 | CentOS 6 : firefox (CESA-2020:0816) | Nessus | CentOS Local Security Checks | high |
134900 | CentOS 7 : firefox (CESA-2020:0815) | Nessus | CentOS Local Security Checks | high |
134886 | Oracle Linux 8 : thunderbird (ELSA-2020-0919) | Nessus | Oracle Linux Local Security Checks | high |
134869 | RHEL 6 : thunderbird (RHSA-2020:0914) | Nessus | Red Hat Local Security Checks | high |
134868 | RHEL 8 : thunderbird (RHSA-2020:0918) | Nessus | Red Hat Local Security Checks | high |
134867 | RHEL 8 : thunderbird (RHSA-2020:0919) | Nessus | Red Hat Local Security Checks | high |
134848 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200323) | Nessus | Scientific Linux Local Security Checks | high |
134842 | Fedora 31 : chromium (2020-7fd051b378) | Nessus | Fedora Local Security Checks | high |
134839 | Debian DSA-4645-1 : chromium - security update | Nessus | Debian Local Security Checks | high |
134838 | RHEL 8 : firefox (RHSA-2020:0819) | Nessus | Red Hat Local Security Checks | high |
134831 | RHEL 7 : thunderbird (RHSA-2020:0905) | Nessus | Red Hat Local Security Checks | high |
134823 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-366) | Nessus | SuSE Local Security Checks | high |
134822 | openSUSE Security Update : chromium (openSUSE-2020-365) | Nessus | SuSE Local Security Checks | high |
134772 | Debian DSA-4642-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
134767 | Debian DLA-2150-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
134756 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0717-1) | Nessus | SuSE Local Security Checks | high |
134754 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200319) | Nessus | Scientific Linux Local Security Checks | high |
134753 | Oracle Linux 7 : thunderbird (ELSA-2020-0905) | Nessus | Oracle Linux Local Security Checks | high |
134701 | Google Chrome < 80.0.3987.149 Multiple Vulnerabilities | Nessus | Windows | high |
134700 | Google Chrome < 80.0.3987.149 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
134667 | RHEL 8 : firefox (RHSA-2020:0820) | Nessus | Red Hat Local Security Checks | high |
134666 | RHEL 6 : firefox (RHSA-2020:0816) | Nessus | Red Hat Local Security Checks | high |
134665 | RHEL 7 : firefox (RHSA-2020:0815) | Nessus | Red Hat Local Security Checks | high |
134647 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200316) | Nessus | Scientific Linux Local Security Checks | high |
134646 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200316) | Nessus | Scientific Linux Local Security Checks | high |
134644 | Oracle Linux 7 : firefox (ELSA-2020-0815) | Nessus | Oracle Linux Local Security Checks | high |
134623 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0686-1) | Nessus | SuSE Local Security Checks | high |
134617 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-340) | Nessus | SuSE Local Security Checks | high |
134616 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-073-01) | Nessus | Slackware Local Security Checks | high |
134587 | GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
134469 | GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
134442 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Firefox vulnerabilities (USN-4299-1) | Nessus | Ubuntu Local Security Checks | high |
134434 | Debian DSA-4639-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
134432 | Debian DLA-2140-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
134407 | Mozilla Firefox ESR < 68.6 Multiple Vulnerabilities | Nessus | Windows | high |
134406 | Mozilla Firefox ESR < 68.6 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
134405 | Mozilla Firefox < 74.0 Multiple Vulnerabilities | Nessus | Windows | high |
134404 | Mozilla Firefox < 74.0 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
134396 | Slackware 14.2 / current : mozilla-firefox (SSA:2020-070-01) | Nessus | Slackware Local Security Checks | high |