CVE-2019-20503

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/49 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/52 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/55 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/59 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0815 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0816 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0819 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0820 Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 Exploit Patch Vendor Advisory
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html Third Party Advisory
https://crbug.com/1059349 Third Party Advisory
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202003-02 Third Party Advisory
https://security.gentoo.org/glsa/202003-10 Third Party Advisory
https://support.apple.com/HT211168 Third Party Advisory
https://support.apple.com/HT211171 Third Party Advisory
https://support.apple.com/HT211175 Third Party Advisory
https://support.apple.com/HT211177 Third Party Advisory
https://support.apple.com/kb/HT211168 Third Party Advisory
https://support.apple.com/kb/HT211171 Third Party Advisory
https://support.apple.com/kb/HT211175 Third Party Advisory
https://support.apple.com/kb/HT211177 Third Party Advisory
https://usn.ubuntu.com/4299-1/ Third Party Advisory
https://usn.ubuntu.com/4328-1/ Third Party Advisory
https://usn.ubuntu.com/4335-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4639 Third Party Advisory
https://www.debian.org/security/2020/dsa-4642 Third Party Advisory
https://www.debian.org/security/2020/dsa-4645 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/49 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/52 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/55 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2020/May/59 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0815 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0816 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0819 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0820 Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 Exploit Patch Vendor Advisory
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html Third Party Advisory
https://crbug.com/1059349 Third Party Advisory
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202003-02 Third Party Advisory
https://security.gentoo.org/glsa/202003-10 Third Party Advisory
https://support.apple.com/HT211168 Third Party Advisory
https://support.apple.com/HT211171 Third Party Advisory
https://support.apple.com/HT211175 Third Party Advisory
https://support.apple.com/HT211177 Third Party Advisory
https://support.apple.com/kb/HT211168 Third Party Advisory
https://support.apple.com/kb/HT211171 Third Party Advisory
https://support.apple.com/kb/HT211175 Third Party Advisory
https://support.apple.com/kb/HT211177 Third Party Advisory
https://usn.ubuntu.com/4299-1/ Third Party Advisory
https://usn.ubuntu.com/4328-1/ Third Party Advisory
https://usn.ubuntu.com/4335-1/ Third Party Advisory
https://www.debian.org/security/2020/dsa-4639 Third Party Advisory
https://www.debian.org/security/2020/dsa-4642 Third Party Advisory
https://www.debian.org/security/2020/dsa-4645 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:usrsctp_project:usrsctp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

History

21 Nov 2024, 04:38

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/49 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2020/May/49 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/52 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2020/May/52 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/55 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2020/May/55 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/59 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2020/May/59 - Mailing List, Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0815 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2020:0815 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0816 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2020:0816 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0819 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2020:0819 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0820 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2020:0820 - Third Party Advisory
References () https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 - Exploit, Patch, Vendor Advisory () https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 - Exploit, Patch, Vendor Advisory
References () https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html - Third Party Advisory () https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html - Third Party Advisory
References () https://crbug.com/1059349 - Third Party Advisory () https://crbug.com/1059349 - Third Party Advisory
References () https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 - Patch, Third Party Advisory () https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 - Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ - Mailing List, Third Party Advisory
References () https://security.gentoo.org/glsa/202003-02 - Third Party Advisory () https://security.gentoo.org/glsa/202003-02 - Third Party Advisory
References () https://security.gentoo.org/glsa/202003-10 - Third Party Advisory () https://security.gentoo.org/glsa/202003-10 - Third Party Advisory
References () https://support.apple.com/HT211168 - Third Party Advisory () https://support.apple.com/HT211168 - Third Party Advisory
References () https://support.apple.com/HT211171 - Third Party Advisory () https://support.apple.com/HT211171 - Third Party Advisory
References () https://support.apple.com/HT211175 - Third Party Advisory () https://support.apple.com/HT211175 - Third Party Advisory
References () https://support.apple.com/HT211177 - Third Party Advisory () https://support.apple.com/HT211177 - Third Party Advisory
References () https://support.apple.com/kb/HT211168 - Third Party Advisory () https://support.apple.com/kb/HT211168 - Third Party Advisory
References () https://support.apple.com/kb/HT211171 - Third Party Advisory () https://support.apple.com/kb/HT211171 - Third Party Advisory
References () https://support.apple.com/kb/HT211175 - Third Party Advisory () https://support.apple.com/kb/HT211175 - Third Party Advisory
References () https://support.apple.com/kb/HT211177 - Third Party Advisory () https://support.apple.com/kb/HT211177 - Third Party Advisory
References () https://usn.ubuntu.com/4299-1/ - Third Party Advisory () https://usn.ubuntu.com/4299-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4328-1/ - Third Party Advisory () https://usn.ubuntu.com/4328-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4335-1/ - Third Party Advisory () https://usn.ubuntu.com/4335-1/ - Third Party Advisory
References () https://www.debian.org/security/2020/dsa-4639 - Third Party Advisory () https://www.debian.org/security/2020/dsa-4639 - Third Party Advisory
References () https://www.debian.org/security/2020/dsa-4642 - Third Party Advisory () https://www.debian.org/security/2020/dsa-4642 - Third Party Advisory
References () https://www.debian.org/security/2020/dsa-4645 - Third Party Advisory () https://www.debian.org/security/2020/dsa-4645 - Third Party Advisory

27 Jun 2024, 12:46

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html - () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html - () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html - () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html - () http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/49 - () http://seclists.org/fulldisclosure/2020/May/49 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/52 - () http://seclists.org/fulldisclosure/2020/May/52 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/55 - () http://seclists.org/fulldisclosure/2020/May/55 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2020/May/59 - () http://seclists.org/fulldisclosure/2020/May/59 - Mailing List, Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0815 - () https://access.redhat.com/errata/RHSA-2020:0815 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0816 - () https://access.redhat.com/errata/RHSA-2020:0816 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0819 - () https://access.redhat.com/errata/RHSA-2020:0819 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2020:0820 - () https://access.redhat.com/errata/RHSA-2020:0820 - Third Party Advisory
References () https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html - () https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html - Third Party Advisory
References () https://crbug.com/1059349 - () https://crbug.com/1059349 - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html - () https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html - () https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html - () https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/ - Mailing List, Third Party Advisory
References () https://security.gentoo.org/glsa/202003-02 - () https://security.gentoo.org/glsa/202003-02 - Third Party Advisory
References () https://security.gentoo.org/glsa/202003-10 - () https://security.gentoo.org/glsa/202003-10 - Third Party Advisory
References () https://support.apple.com/HT211168 - () https://support.apple.com/HT211168 - Third Party Advisory
References () https://support.apple.com/HT211171 - () https://support.apple.com/HT211171 - Third Party Advisory
References () https://support.apple.com/HT211175 - () https://support.apple.com/HT211175 - Third Party Advisory
References () https://support.apple.com/HT211177 - () https://support.apple.com/HT211177 - Third Party Advisory
References () https://support.apple.com/kb/HT211168 - () https://support.apple.com/kb/HT211168 - Third Party Advisory
References () https://support.apple.com/kb/HT211171 - () https://support.apple.com/kb/HT211171 - Third Party Advisory
References () https://support.apple.com/kb/HT211175 - () https://support.apple.com/kb/HT211175 - Third Party Advisory
References () https://support.apple.com/kb/HT211177 - () https://support.apple.com/kb/HT211177 - Third Party Advisory
References () https://usn.ubuntu.com/4299-1/ - () https://usn.ubuntu.com/4299-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4328-1/ - () https://usn.ubuntu.com/4328-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4335-1/ - () https://usn.ubuntu.com/4335-1/ - Third Party Advisory
References () https://www.debian.org/security/2020/dsa-4639 - () https://www.debian.org/security/2020/dsa-4639 - Third Party Advisory
References () https://www.debian.org/security/2020/dsa-4642 - () https://www.debian.org/security/2020/dsa-4642 - Third Party Advisory
References () https://www.debian.org/security/2020/dsa-4645 - () https://www.debian.org/security/2020/dsa-4645 - Third Party Advisory
First Time Debian
Debian debian Linux
Canonical ubuntu Linux
Canonical
CPE cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

07 Jul 2023, 01:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html -

Information

Published : 2020-03-06 20:15

Updated : 2024-11-21 04:38


NVD link : CVE-2019-20503

Mitre link : CVE-2019-20503

CVE.ORG link : CVE-2019-20503


JSON object : View

Products Affected

debian

  • debian_linux

usrsctp_project

  • usrsctp

canonical

  • ubuntu_linux
CWE
CWE-125

Out-of-bounds Read