1831763 – (CVE-2020-6831) CVE-2020-6831 usrsctp: Buffer overflow in AUTH chunk input validation

Bug 1831763 (CVE-2020-6831) - CVE-2020-6831 usrsctp: Buffer overflow in AUTH chunk input validation

Summary: CVE-2020-6831 usrsctp: Buffer overflow in AUTH chunk input validation

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-6831
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1828972 1828973 1828974 1828975 1828976 1828977 1828978 1831592 1831593 1831594 1831595 1831596 1831597 1831598 1832489
Blocks:	1828970
TreeView+	depends on / blocked

Reported:	2020-05-05 15:14 UTC by msiddiqu
Modified:	2021-02-16 20:06 UTC (History)
CC List:	6 users (show)
Fixed In Version:	firefox 68.8, thunderbird 68.8.0
Clone Of:
Environment:
Last Closed:	2020-05-06 10:32:01 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:2031	None	None	None	2020-05-06 08:43:53 UTC
Red Hat Product Errata	RHSA-2020:2032	None	None	None	2020-05-06 08:27:08 UTC
Red Hat Product Errata	RHSA-2020:2033	None	None	None	2020-05-06 08:10:54 UTC
Red Hat Product Errata	RHSA-2020:2036	None	None	None	2020-05-06 10:45:24 UTC
Red Hat Product Errata	RHSA-2020:2037	None	None	None	2020-05-06 10:42:13 UTC
Red Hat Product Errata	RHSA-2020:2046	None	None	None	2020-05-11 09:25:19 UTC
Red Hat Product Errata	RHSA-2020:2047	None	None	None	2020-05-11 09:05:47 UTC
Red Hat Product Errata	RHSA-2020:2048	None	None	None	2020-05-11 08:54:45 UTC
Red Hat Product Errata	RHSA-2020:2049	None	None	None	2020-05-11 09:34:35 UTC
Red Hat Product Errata	RHSA-2020:2050	None	None	None	2020-05-11 09:51:09 UTC
Red Hat Product Errata	RHSA-2020:2064	None	None	None	2020-05-11 21:24:15 UTC

Description msiddiqu 2020-05-05 15:14:29 UTC

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831

Comment 1 msiddiqu 2020-05-05 15:14:36 UTC

Acknowledgments:

Name: the Mozilla project
Upstream: Natalie Silvanovich (Google Project Zero)

Comment 2 errata-xmlrpc 2020-05-06 08:10:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2033 https://access.redhat.com/errata/RHSA-2020:2033

Comment 3 errata-xmlrpc 2020-05-06 08:26:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2032 https://access.redhat.com/errata/RHSA-2020:2032

Comment 4 errata-xmlrpc 2020-05-06 08:43:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2031 https://access.redhat.com/errata/RHSA-2020:2031

Comment 5 Product Security DevOps Team 2020-05-06 10:32:01 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-6831

Comment 6 errata-xmlrpc 2020-05-06 10:42:11 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2037 https://access.redhat.com/errata/RHSA-2020:2037

Comment 7 errata-xmlrpc 2020-05-06 10:45:20 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:2036 https://access.redhat.com/errata/RHSA-2020:2036

Comment 8 Tomas Hoger 2020-05-06 21:49:05 UTC

This issue was also fixed in Google Chrome 81.0.4044.138:

https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=1073602

Related fixes as applied to Mozilla mercurial repo:

https://hg.mozilla.org/releases/mozilla-release/rev/35616be71c33a7a4707b3a2f42af9b67d8ddcdb9
https://hg.mozilla.org/releases/mozilla-release/rev/e3b02434661ad795beea1baccce52f589bdc0269

The fix in usrsctp upstream git repo:

https://github.com/sctplab/usrsctp/commit/858d2f73019f73bd2c1691bab75c2022640b82e7

Comment 10 errata-xmlrpc 2020-05-11 08:54:42 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2048 https://access.redhat.com/errata/RHSA-2020:2048

Comment 11 errata-xmlrpc 2020-05-11 09:05:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2047 https://access.redhat.com/errata/RHSA-2020:2047

Comment 12 errata-xmlrpc 2020-05-11 09:25:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2046 https://access.redhat.com/errata/RHSA-2020:2046

Comment 13 errata-xmlrpc 2020-05-11 09:34:33 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:2049 https://access.redhat.com/errata/RHSA-2020:2049

Comment 14 errata-xmlrpc 2020-05-11 09:51:06 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2050 https://access.redhat.com/errata/RHSA-2020:2050

Comment 15 errata-xmlrpc 2020-05-11 21:24:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2020:2064 https://access.redhat.com/errata/RHSA-2020:2064

Note You need to log in before you can comment on or make changes to this bug.