Bug 1913503 (CVE-2020-16044) - CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Status: CLOSED ERRATA
Alias: CVE-2020-16044
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1913504 1913505 1913506 1913507 1913508 1915088 1915089 1915090 1915091 1915092 1918277 1918278
Blocks: 1913502
Reported: 2021-01-06 23:54 UTC by Doran Moppert
Modified: 2021-10-05 06:54 UTC

Fixed In Version: firefox 84.0.2, firefox 78.6.1, thunderbird 78.6.1, chromium-browser 88.0.4324.96
Last Closed: 2021-01-11 12:27:55 UTC



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2021:0052 | 0 | None | None | None | 2021-01-11 09:55:52 UTC
Red Hat Product Errata | RHSA-2021:0053 | 0 | None | None | None | 2021-01-11 10:46:06 UTC
Red Hat Product Errata | RHSA-2021:0054 | 0 | None | None | None | 2021-01-11 10:19:13 UTC
Red Hat Product Errata | RHSA-2021:0055 | 0 | None | None | None | 2021-01-11 10:27:12 UTC
Red Hat Product Errata | RHSA-2021:0087 | 0 | None | None | None | 2021-01-13 11:12:43 UTC
Red Hat Product Errata | RHSA-2021:0088 | 0 | None | None | None | 2021-01-13 10:50:01 UTC
Red Hat Product Errata | RHSA-2021:0089 | 0 | None | None | None | 2021-01-13 10:46:32 UTC
Red Hat Product Errata | RHSA-2021:0160 | 0 | None | None | None | 2021-01-18 16:12:19 UTC

Description Doran Moppert 2021-01-06 23:54:39 UTC
A malicious peer could have modified a COOKIE-ECHO chunk in an SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044

Comment 1 Doran Moppert 2021-01-06 23:54:43 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Ned Williamson

Comment 3 errata-xmlrpc 2021-01-11 09:55:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0052 https://access.redhat.com/errata/RHSA-2021:0052

Comment 4 errata-xmlrpc 2021-01-11 10:19:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0054 https://access.redhat.com/errata/RHSA-2021:0054

Comment 5 errata-xmlrpc 2021-01-11 10:27:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0055 https://access.redhat.com/errata/RHSA-2021:0055

Comment 6 errata-xmlrpc 2021-01-11 10:46:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0053 https://access.redhat.com/errata/RHSA-2021:0053

Comment 7 Product Security DevOps Team 2021-01-11 12:27:55 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-16044

Comment 9 Doran Moppert 2021-01-11 23:20:58 UTC
Statement:

Regarding Thunderbird: in general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.

Comment 10 errata-xmlrpc 2021-01-13 10:46:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0089 https://access.redhat.com/errata/RHSA-2021:0089

Comment 11 errata-xmlrpc 2021-01-13 10:49:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0088 https://access.redhat.com/errata/RHSA-2021:0088

Comment 12 errata-xmlrpc 2021-01-13 11:11:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0087 https://access.redhat.com/errata/RHSA-2021:0087

Comment 13 errata-xmlrpc 2021-01-18 16:12:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0160 https://access.redhat.com/errata/RHSA-2021:0160

Comment 14 msiddiqu 2021-01-20 11:52:15 UTC
Chromium reference for this CVE:

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html

Comment 15 msiddiqu 2021-01-20 11:57:33 UTC
Chromium upstream bug:

https://bugs.chromium.org/p/chromium/issues/detail?id=1163228

