2020-05-26
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Products | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Leap |
Type | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120) |
First patch | - None (likely due to unavailable code) |
Links |
• http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html
• https://www.mozilla.org/security/advisories/mfsa2020-16/
• https://security.gentoo.org/glsa/202005-03
• https://security.gentoo.org/glsa/202005-04
• https://usn.ubuntu.com/4373-1/ |