Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-11703Out-of-bounds Write in Mozilla Thunderbird

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
8.3%
top 7.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla ThunderbirdDebian Thunderbird
Timeline
PublishedJul 23
Latest updateMay 24

Description

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

debiandebian/thunderbird< thunderbird 1:60.7.1-1 (bookworm)
CVEListV5mozilla/thunderbirdunspecified60.7.1
NVDmozilla/thunderbird< 60.7.1
Debianmozilla/thunderbird< 1:60.7.1-1+3

🔴Vulnerability Details

2
GHSA
GHSA-j937-8hgv-v466: A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting2022-05-24
OSV
CVE-2019-11703: A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting2019-07-23

💥Exploits & PoCs

1
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow2019-06-17

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2019-06-20
Red Hat
libical: Heap buffer over read in icalparser.c parser_get_next_char2019-06-13
Debian
CVE-2019-11703: thunderbird - A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in ...2019

💬Community

2
Bugzilla
CVE-2019-11703 thunderbird: Heap buffer over read in icalparser.c parser_get_next_char [fedora-all]2019-06-14
Bugzilla
CVE-2019-11703 libical: Heap buffer over read in icalparser.c parser_get_next_char2019-06-12