CVE-2019-13722 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write CWE-628 — Function Call with Incorrectly Specified Arguments CWE-121 — Stack-based Buffer Overflow7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 42.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Firefox Debian Firefox-esr +1 more

Timeline

PublishedJan 14

Latest updateMay 24

Description

Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5google/chromeunspecified — 79.0.3945.79

▶NVDgoogle/chrome< 79.0.3945.79

▶debiandebian/firefox

▶debiandebian/firefox-esr

▶debiandebian/thunderbird

🔴Vulnerability Details

GHSA

GHSA-4q6j-2cv9-cmqj: Inappropriate implementation in WebRTC in Google Chrome prior to 79↗2022-05-24

▶

OSV

CVE-2019-13722: Inappropriate implementation in WebRTC in Google Chrome prior to 79↗2020-01-14

▶

📋Vendor Advisories

Red Hat

Mozilla: Stack corruption due to incorrect number of arguments in WebRTC code↗2019-12-03

▶

Debian

CVE-2019-13722: firefox - Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 al...↗2019

▶

💬Community

Bugzilla

CVE-2019-13722 Mozilla: Stack corruption due to incorrect number of arguments in WebRTC code↗2019-12-04

▶

Bugzilla

Intermittent AddressSanitizer: stack-buffer-overflow Z:\task_1567613406\fetches\llvm-project\llvm\projects\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:785 in __asan_wrap_memmove↗2019-09-10

▶