CVE-2019-20503 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
An out-of-bounds read has been found in Firefox before 74, Thunderbird before 68.6 and chromium before 80.0.3987.149. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
Group Package Affected Fixed Severity Status Ticket
AVG-1118 chromium 80.0.3987.132-2 80.0.3987.149-1 High Fixed
AVG-1115 thunderbird 68.5.0-1 68.6.0-1 Critical Fixed
AVG-1112 firefox 73.0.1-1 74.0-1 Critical Fixed
Date Advisory Group Package Severity Description
11 Mar 2020 ASA-202003-8 AVG-1112 firefox Critical multiple issues
19 Mar 2020 ASA-202003-12 AVG-1118 chromium High multiple issues
16 Mar 2020 ASA-202003-11 AVG-1115 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
https://crbug.com/1059349