CVE-2019-20503 log

Severity: Medium
Remote: Yes
Type: Information disclosure
Description
An out-of-bounds read has been found in Firefox before 74, Thunderbird before 68.6 and Chromium before 80.0.3987.149. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out-of-bounds reads when parameters are partially outside a chunk.
Group     Package      Affected         Fixed            Severity  Status  Ticket
AVG-1118  chromium     80.0.3987.132-2  80.0.3987.149-1  High      Fixed
AVG-1115  thunderbird  68.5.0-1         68.6.0-1         Critical  Fixed
AVG-1112  firefox      73.0.1-1         74.0-1           Critical  Fixed
Date         Advisory      Group     Package      Severity  Type
11 Mar 2020  ASA-202003-8  AVG-1112  firefox      Critical  multiple issues
19 Mar 2020  ASA-202003-12 AVG-1118  chromium     High      multiple issues
16 Mar 2020  ASA-202003-11 AVG-1115  thunderbird  Critical  multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
https://crbug.com/1059349