CVE-2019-20503
published 2020-03-06

CVE-2019-20503: usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

Priority: P430
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 3.16% (86.4th percentile)

Affected

32 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| chromium | chromium | >= 0 < 80.0.3987.149-1 | 80.0.3987.149-1 |
| chromium | chromium | >= 0 < 80.0.3987.149-1 | 80.0.3987.149-1 |
| chromium | chromium | >= 0 < 80.0.3987.149-1 | 80.0.3987.149-1 |
| chromium | chromium | >= 0 < 80.0.3987.149-1 | 80.0.3987.149-1 |
| debian | chromium | < chromium 80.0.3987.149-1 (bookworm) | chromium 80.0.3987.149-1 (bookworm) |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | firefox | < chromium 80.0.3987.149-1 (bookworm) | chromium 80.0.3987.149-1 (bookworm) |
| debian | firefox-esr | < chromium 80.0.3987.149-1 (bookworm) | chromium 80.0.3987.149-1 (bookworm) |
| debian | libusrsctp | < chromium 80.0.3987.149-1 (bookworm) | chromium 80.0.3987.149-1 (bookworm) |
| debian | thunderbird | < chromium 80.0.3987.149-1 (bookworm) | chromium 80.0.3987.149-1 (bookworm) |
| google | chrome_chrome | | |
| mozilla | firefox | | |
| mozilla | firefox | >= 0 < 74.0+build3-0ubuntu0.16.04.1 | 74.0+build3-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 74.0+build3-0ubuntu0.18.04.1 | 74.0+build3-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:68.6.0-1 | 1:68.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.6.0-1 | 1:68.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.6.0-1 | 1:68.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.6.0-1 | 1:68.6.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2 | 1:68.7.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.18.04.1 | 1:68.7.0+build1-0ubuntu0.18.04.1 |

CVSS provenance

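| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 8.8 | HIGH | |
| vendor_ubuntu | | 8.8 | HIGH | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_msrc | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |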