Описание
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libusrsctp | fixed | 0.9.3.0+20200312-1 | package | |
| firefox | fixed | 74.0-1 | package | |
| firefox-esr | fixed | 68.6.0esr-1 | package | |
| thunderbird | fixed | 1:68.6.0-1 | package | |
| chromium | fixed | 80.0.3987.149-1 | package | |
| chromium | end-of-life | stretch | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
EPSS
Связанные уязвимости
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
EPSS