CVE-2019-20503 - log

CVE-2019-20503 edited at 19 Mar 2020 09:46:18
Description
- An out-of-bounds read has been found in Firefox before 74 and Thunderbird before 68.6. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
+ An out-of-bounds read has been found in Firefox before 74, Thunderbird before 68.6 and chromium before 80.0.3987.149. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
+ https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
+ https://crbug.com/1059349
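Review bot: The added chromereleases.googleblog.com reference has a /2020/02/ path, but this entry was only created on 11 Mar 2020 and the new description names 80.0.3987.149 as the fixed Chromium version. Confirm that the linked post announces that version and lists CVE-2019-20503, and if it does not, link the stable-channel post that does. The description also writes "chromium" in lowercase next to "Firefox" and "Thunderbird"; capitalizing it would keep the product names consistent.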
CVE-2019-20503 edited at 16 Mar 2020 11:33:38
Description
- An out-of-bounds read has been found in Firefox before 74. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
+ An out-of-bounds read has been found in Firefox before 74 and Thunderbird before 68.6. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
CVE-2019-20503 edited at 11 Mar 2020 11:04:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An out-of-bounds read has been found in Firefox before 74. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
Notes
CVE-2019-20503 created at 11 Mar 2020 10:25:09