Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-26970

Опубликовано: 01 дек. 2020
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5thunderbirdOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2020:540014.12.2020
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2020:539814.12.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionsthunderbirdFixedRHSA-2020:564521.12.2020
Red Hat Enterprise Linux 8.1 Extended Update SupportthunderbirdFixedRHSA-2020:564421.12.2020
Red Hat Enterprise Linux 8.2 Extended Update SupportthunderbirdFixedRHSA-2020:539914.12.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1903443Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes

EPSS

Процентиль: 59%
0.00378
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-26970

CVSS3: 8.8
ubuntu
около 5 лет назад

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

nvd логотип

CVE-2020-26970

CVSS3: 8.8
nvd
около 5 лет назад

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

debian логотип

CVE-2020-26970

CVSS3: 8.8
debian
около 5 лет назад

When reading SMTP server status codes, Thunderbird writes an integer v ...

suse-cvrf логотип

SUSE-SU-2020:3642-1

suse-cvrf
около 5 лет назад

Security update for MozillaThunderbird

github логотип

GHSA-w8wp-h42w-f3m4

github
больше 3 лет назад

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

EPSS

Процентиль: 59%
0.00378
Низкий

8.8 High

CVSS3