Bug 1831763 (CVE-2020-6831) - CVE-2020-6831 usrsctp: Buffer overflow in AUTH chunk input validation
Summary: CVE-2020-6831 usrsctp: Buffer overflow in AUTH chunk input validation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-6831
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1828972 1828973 1828974 1828975 1828976 1828977 1828978 1831592 1831593 1831594 1831595 1831596 1831597 1831598 1832489
Blocks: 1828970
TreeView+ depends on / blocked
 
Reported: 2020-05-05 15:14 UTC by msiddiqu
Modified: 2021-02-16 20:06 UTC (History)
6 users (show)

Fixed In Version: firefox 68.8, thunderbird 68.8.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2020-05-06 10:32:01 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:2031 0 None None None 2020-05-06 08:43:53 UTC
Red Hat Product Errata RHSA-2020:2032 0 None None None 2020-05-06 08:27:08 UTC
Red Hat Product Errata RHSA-2020:2033 0 None None None 2020-05-06 08:10:54 UTC
Red Hat Product Errata RHSA-2020:2036 0 None None None 2020-05-06 10:45:24 UTC
Red Hat Product Errata RHSA-2020:2037 0 None None None 2020-05-06 10:42:13 UTC
Red Hat Product Errata RHSA-2020:2046 0 None None None 2020-05-11 09:25:19 UTC
Red Hat Product Errata RHSA-2020:2047 0 None None None 2020-05-11 09:05:47 UTC
Red Hat Product Errata RHSA-2020:2048 0 None None None 2020-05-11 08:54:45 UTC
Red Hat Product Errata RHSA-2020:2049 0 None None None 2020-05-11 09:34:35 UTC
Red Hat Product Errata RHSA-2020:2050 0 None None None 2020-05-11 09:51:09 UTC
Red Hat Product Errata RHSA-2020:2064 0 None None None 2020-05-11 21:24:15 UTC

Description msiddiqu 2020-05-05 15:14:29 UTC
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831

Comment 1 msiddiqu 2020-05-05 15:14:36 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Natalie Silvanovich (Google Project Zero)

Comment 2 errata-xmlrpc 2020-05-06 08:10:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2033 https://access.redhat.com/errata/RHSA-2020:2033

Comment 3 errata-xmlrpc 2020-05-06 08:26:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2032 https://access.redhat.com/errata/RHSA-2020:2032

Comment 4 errata-xmlrpc 2020-05-06 08:43:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2031 https://access.redhat.com/errata/RHSA-2020:2031

Comment 5 Product Security DevOps Team 2020-05-06 10:32:01 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-6831

Comment 6 errata-xmlrpc 2020-05-06 10:42:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2037 https://access.redhat.com/errata/RHSA-2020:2037

Comment 7 errata-xmlrpc 2020-05-06 10:45:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:2036 https://access.redhat.com/errata/RHSA-2020:2036

Comment 10 errata-xmlrpc 2020-05-11 08:54:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2048 https://access.redhat.com/errata/RHSA-2020:2048

Comment 11 errata-xmlrpc 2020-05-11 09:05:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2047 https://access.redhat.com/errata/RHSA-2020:2047

Comment 12 errata-xmlrpc 2020-05-11 09:25:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2046 https://access.redhat.com/errata/RHSA-2020:2046

Comment 13 errata-xmlrpc 2020-05-11 09:34:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:2049 https://access.redhat.com/errata/RHSA-2020:2049

Comment 14 errata-xmlrpc 2020-05-11 09:51:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2050 https://access.redhat.com/errata/RHSA-2020:2050

Comment 15 errata-xmlrpc 2020-05-11 21:24:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2020:2064 https://access.redhat.com/errata/RHSA-2020:2064


Note You need to log in before you can comment on or make changes to this bug.