
CVE-2019-20503
Date: (C)2020-03-09   (M)2020-06-01


usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.5
Exploit Score: 2.8
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://seclists.org/fulldisclosure/2020/May/49
http://seclists.org/fulldisclosure/2020/May/59
http://seclists.org/fulldisclosure/2020/May/55
http://seclists.org/fulldisclosure/2020/May/52
DSA-4639
DSA-4642
DSA-4645
FEDORA-2020-17149a4f3d
FEDORA-2020-39e0b8bd14
FEDORA-2020-7fd051b378
GLSA-202003-02
GLSA-202003-10
RHSA-2020:0815
RHSA-2020:0816
RHSA-2020:0819
RHSA-2020:0820
USN-4299-1
USN-4328-1
USN-4335-1
https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
https://crbug.com/1059349
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
https://support.apple.com/kb/HT211168
https://support.apple.com/kb/HT211171
https://support.apple.com/kb/HT211175
https://support.apple.com/kb/HT211177
openSUSE-SU-2020:0340
openSUSE-SU-2020:0365
openSUSE-SU-2020:0366
openSUSE-SU-2020:0389

CWE    1
CWE-125
OVAL    36
oval:org.secpod.oval:def:63488
oval:org.secpod.oval:def:705434
oval:org.secpod.oval:def:503567
oval:org.secpod.oval:def:205464
...

© SecPod Technologies