Описание
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
Меры по смягчению последствий
Thunderbird can be configured to use icaljs instead of libical by setting calendar.icaljs = true in preferences, mitigating this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libical | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libical | Not affected | ||
| Red Hat Enterprise Linux 8 | libical | Not affected | ||
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2019:1624 | 27.06.2019 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2019:1626 | 27.06.2019 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2019:1623 | 27.06.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
A flaw in Thunderbird's implementation of iCal causes a stack buffer o ...
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
Уязвимость библиотеки libical почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
9.8 Critical
CVSS3