Описание
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
Меры по смягчению последствий
Thunderbird can be configured to use icaljs instead of libical by setting calendar.icaljs = true in preferences, mitigating this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libical | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libical | Not affected | ||
| Red Hat Enterprise Linux 8 | libical | Not affected | ||
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2019:1624 | 27.06.2019 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2019:1626 | 27.06.2019 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2019:1623 | 27.06.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
Уязвимость функции icalmemory_strdup_and_dequote календаря iCal программного обеспечения для работы с электронной почтой Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
EPSS
9.8 Critical
CVSS3