Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-11705Out-of-bounds Write in Mozilla Thunderbird

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
8.7%
top 7.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla ThunderbirdDebian Thunderbird
Timeline
PublishedJul 23
Latest updateMay 24

Description

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

debiandebian/thunderbird< thunderbird 1:60.7.1-1 (bookworm)
CVEListV5mozilla/thunderbirdunspecified60.7.1
NVDmozilla/thunderbird< 60.7.1
Debianmozilla/thunderbird< 1:60.7.1-1+3

🔴Vulnerability Details

2
GHSA
GHSA-jqv2-fc88-9266: A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resu2022-05-24
OSV
CVE-2019-11705: A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resu2019-07-23

💥Exploits & PoCs

1
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow2019-06-17

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2019-06-20
Red Hat
libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c2019-06-13
Debian
CVE-2019-11705: thunderbird - A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in...2019

💬Community

2
Bugzilla
CVE-2019-11705 thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c [fedora-all]2019-06-14
Bugzilla
CVE-2019-11705 libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c2019-06-12