1913503 – (CVE-2020-16044) CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Bug 1913503 (CVE-2020-16044) - CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Summary: CVE-2020-16044 Mozilla: Use-after-free write when handling a malicious COOKIE...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-16044
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1913504 1913505 1913506 1913507 1913508 1915088 1915089 1915090 1915091 1915092 1918277 1918278
Blocks:	1913502
TreeView+	depends on / blocked

Reported:	2021-01-06 23:54 UTC by Doran Moppert
Modified:	2021-10-05 06:54 UTC (History)
CC List:	8 users (show)
Fixed In Version:	firefox 84.0.2, firefox 78.6.1, thunderbird 78.6.1, chromium-browser 88.0.4324.96
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-01-11 12:27:55 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:0052	None	None	None	2021-01-11 09:55:52 UTC
Red Hat Product Errata	RHSA-2021:0053	None	None	None	2021-01-11 10:46:06 UTC
Red Hat Product Errata	RHSA-2021:0054	None	None	None	2021-01-11 10:19:13 UTC
Red Hat Product Errata	RHSA-2021:0055	None	None	None	2021-01-11 10:27:12 UTC
Red Hat Product Errata	RHSA-2021:0087	None	None	None	2021-01-13 11:12:43 UTC
Red Hat Product Errata	RHSA-2021:0088	None	None	None	2021-01-13 10:50:01 UTC
Red Hat Product Errata	RHSA-2021:0089	None	None	None	2021-01-13 10:46:32 UTC
Red Hat Product Errata	RHSA-2021:0160	None	None	None	2021-01-18 16:12:19 UTC

Description Doran Moppert 2021-01-06 23:54:39 UTC

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044

Comment 1 Doran Moppert 2021-01-06 23:54:43 UTC

Acknowledgments:

Name: the Mozilla project
Upstream: Ned Williamson

Comment 3 errata-xmlrpc 2021-01-11 09:55:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0052 https://access.redhat.com/errata/RHSA-2021:0052

Comment 4 errata-xmlrpc 2021-01-11 10:19:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0054 https://access.redhat.com/errata/RHSA-2021:0054

Comment 5 errata-xmlrpc 2021-01-11 10:27:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0055 https://access.redhat.com/errata/RHSA-2021:0055

Comment 6 errata-xmlrpc 2021-01-11 10:46:03 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0053 https://access.redhat.com/errata/RHSA-2021:0053

Comment 7 Product Security DevOps Team 2021-01-11 12:27:55 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-16044

Comment 9 Doran Moppert 2021-01-11 23:20:58 UTC

Statement:

Regarding Thunderbird:  in general this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.

Comment 10 errata-xmlrpc 2021-01-13 10:46:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:0089 https://access.redhat.com/errata/RHSA-2021:0089

Comment 11 errata-xmlrpc 2021-01-13 10:49:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0088 https://access.redhat.com/errata/RHSA-2021:0088

Comment 12 errata-xmlrpc 2021-01-13 11:11:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0087 https://access.redhat.com/errata/RHSA-2021:0087

Comment 13 errata-xmlrpc 2021-01-18 16:12:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0160 https://access.redhat.com/errata/RHSA-2021:0160

Comment 14 msiddiqu 2021-01-20 11:52:15 UTC

Chromium reference for this CVE:

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html

Comment 15 msiddiqu 2021-01-20 11:57:33 UTC

Chromium upstream bug:

https://bugs.chromium.org/p/chromium/issues/detail?id=1163228

Note You need to log in before you can comment on or make changes to this bug.