Описание
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 76.0-1 | package | |
| firefox-esr | fixed | 68.8.0esr-1 | package | |
| thunderbird | fixed | 1:68.8.0-1 | package | |
| chromium | fixed | 83.0.4103.83-1 | package | |
| chromium | end-of-life | stretch | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831
https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831
https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
EPSS
Связанные уязвимости
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Уязвимость механизма проверки фрагментов SCTP в WebRTC веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS