CVE-2019-20503

Severity: Medium
Remote: Yes
Type: Information disclosure

An out-of-bounds read has been found in Firefox before 74, Thunderbird before 68.6 and Chromium before 80.0.3987.149. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out-of-bounds reads when parameters are partially outside a chunk.
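
The class of mismatch described above, reduced to a generic SCTP-style parameter walk, as an added example that is not the affected code from Firefox, Thunderbird or Chromium. The function names, the lenient check and the sample chunk are constructed for illustration; the page does not say how the two real functions differed in detail.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* SCTP parameter header (RFC 4960): 16-bit type, 16-bit length that
 * includes the 4-byte header; parameters are padded to 4 bytes. */
#define PARAM_HDR_LEN 4u

/* Constructed sample: a complete 8-byte IPv4 parameter, then a parameter
 * that claims 20 bytes although only 8 bytes of the chunk remain. */
static const uint8_t SAMPLE_CHUNK[16] = {
    0x00, 0x05, 0x00, 0x08, 192, 0, 2, 1,
    0x00, 0x06, 0x00, 0x14, 0x20, 0x01, 0x0d, 0xb8,
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static size_t pad4(size_t n) { return (n + 3u) & ~(size_t)3u; }

/* Hypothetical lenient validator: checks only that each header starts
 * inside the chunk, so a partially out-of-chunk parameter passes. */
int validate_header_only(const uint8_t *chunk, size_t len) {
    size_t off = 0;
    while (off + PARAM_HDR_LEN <= len) {
        uint16_t plen = rd16(chunk + off + 2);
        if (plen < PARAM_HDR_LEN) return -1;
        off += pad4(plen);
    }
    return 0;
}

/* Strict walker: accepts a parameter only if its full declared length
 * lies inside the chunk. Returns the parameter count, or -1 on error. */
int walk_params_strict(const uint8_t *chunk, size_t len) {
    size_t off = 0;
    int count = 0;
    while (len - off >= PARAM_HDR_LEN) {
        size_t left = len - off;
        uint16_t plen = rd16(chunk + off + 2);
        if (plen < PARAM_HDR_LEN || plen > left) return -1;
        count++;
        off += pad4(plen) < left ? pad4(plen) : left; /* final padding may be absent */
    }
    return off == len ? count : -1; /* reject a trailing partial header */
}

int main(void) {
    printf("header-only: %d, strict: %d\n", validate_header_only(SAMPLE_CHUNK, 16),
           walk_params_strict(SAMPLE_CHUNK, 16));
    return 0;
}
```

A consumer that trusts the header-only result and reads the second parameter's declared 20 bytes would read 12 bytes past the end of the chunk; using one shared bounds routine for both validation and parsing removes the disagreement.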

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1118 | chromium | 80.0.3987.132-2 | 80.0.3987.149-1 | High | Fixed | |
| AVG-1115 | thunderbird | 68.5.0-1 | 68.6.0-1 | Critical | Fixed | |
| AVG-1112 | firefox | 73.0.1-1 | 74.0-1 | Critical | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 11 Mar 2020 | ASA-202003-8 | AVG-1112 | firefox | Critical | multiple issues |
| 19 Mar 2020 | ASA-202003-12 | AVG-1118 | chromium | High | multiple issues |
| 16 Mar 2020 | ASA-202003-11 | AVG-1115 | thunderbird | Critical | multiple issues |