6.5

CVE-2019-20503

Exploit
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Usrsctp ProjectUsrsctp Version < 0.9.4.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionesm
CanonicalUbuntu Linux Version19.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.16% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://support.apple.com/kb/HT211168
Third Party Advisory
https://support.apple.com/kb/HT211171
Third Party Advisory
https://support.apple.com/kb/HT211175
Third Party Advisory
https://usn.ubuntu.com/4335-1/
Third Party Advisory
https://security.gentoo.org/glsa/202003-02
Third Party Advisory
https://security.gentoo.org/glsa/202003-10
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/May/49
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/May/55
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/May/59
Third Party Advisory
Mailing List
https://support.apple.com/HT211168
Third Party Advisory
https://support.apple.com/HT211171
Third Party Advisory
https://support.apple.com/HT211175
Third Party Advisory
https://usn.ubuntu.com/4328-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/May/52
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2020:0815
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0816
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0819
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0820
Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
Patch
Vendor Advisory
Exploit
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
Third Party Advisory
https://crbug.com/1059349
Third Party Advisory
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
Third Party Advisory
Mailing List
https://support.apple.com/HT211177
Third Party Advisory
https://support.apple.com/kb/HT211177
Third Party Advisory
https://usn.ubuntu.com/4299-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4639
Third Party Advisory
https://www.debian.org/security/2020/dsa-4642
Third Party Advisory
https://www.debian.org/security/2020/dsa-4645
Third Party Advisory