Bug 1821676 (CVE-2020-6822) - CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing large images
Summary: CVE-2020-6822 Mozilla: Out of bounds write in GMPDecodeData when processing l...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-6822
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1820211 1820212 1820213 1820214 1820215 1820216 1823642 1823643 1823644 1823645 1823646 1823647 1823648
Blocks: 1820209
TreeView+ depends on / blocked
 
Reported: 2020-04-07 12:06 UTC by Marian Rehak
Modified: 2021-02-16 20:19 UTC (History)
5 users (show)

Fixed In Version: firefox 68.7, thunderbird 68.7.0
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code.
Clone Of:
Environment:
Last Closed: 2020-04-08 16:31:53 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1404 0 None None None 2020-04-08 13:36:21 UTC
Red Hat Product Errata RHSA-2020:1406 0 None None None 2020-04-08 16:27:32 UTC
Red Hat Product Errata RHSA-2020:1420 0 None None None 2020-04-09 10:02:30 UTC
Red Hat Product Errata RHSA-2020:1429 0 None None None 2020-04-14 07:50:51 UTC
Red Hat Product Errata RHSA-2020:1488 0 None None None 2020-04-16 10:03:07 UTC
Red Hat Product Errata RHSA-2020:1489 0 None None None 2020-04-16 10:03:34 UTC
Red Hat Product Errata RHSA-2020:1495 0 None None None 2020-04-16 20:53:55 UTC
Red Hat Product Errata RHSA-2020:1496 0 None None None 2020-04-16 20:29:49 UTC

Description Marian Rehak 2020-04-07 12:06:10 UTC
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code.

Comment 2 msiddiqu 2020-04-08 00:29:51 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Deian Stefan

Comment 3 msiddiqu 2020-04-08 00:29:53 UTC
External References:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822

Comment 4 errata-xmlrpc 2020-04-08 13:36:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:1404 https://access.redhat.com/errata/RHSA-2020:1404

Comment 5 errata-xmlrpc 2020-04-08 16:27:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1406 https://access.redhat.com/errata/RHSA-2020:1406

Comment 6 Product Security DevOps Team 2020-04-08 16:31:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-6822

Comment 7 errata-xmlrpc 2020-04-09 10:02:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1420 https://access.redhat.com/errata/RHSA-2020:1420

Comment 8 errata-xmlrpc 2020-04-14 07:50:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:1429 https://access.redhat.com/errata/RHSA-2020:1429

Comment 9 errata-xmlrpc 2020-04-16 10:03:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:1488 https://access.redhat.com/errata/RHSA-2020:1488

Comment 10 errata-xmlrpc 2020-04-16 10:03:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1489 https://access.redhat.com/errata/RHSA-2020:1489

Comment 11 errata-xmlrpc 2020-04-16 20:29:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:1496 https://access.redhat.com/errata/RHSA-2020:1496

Comment 12 errata-xmlrpc 2020-04-16 20:53:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1495 https://access.redhat.com/errata/RHSA-2020:1495


Note You need to log in before you can comment on or make changes to this bug.