CVE-2022-0566 — Out-of-bounds Write in Mozilla Thunderbird

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 58.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Mozilla Firefox

Timeline

PublishedDec 22

Description

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶debiandebian/thunderbird< thunderbird 1:91.6.1-1 (bookworm)

▶CVEListV5mozilla/thunderbirdunspecified — 91.6.1

▶NVDmozilla/thunderbird< 91.6.1

▶Debianmozilla/thunderbird< 1:91.6.1-1~deb11u1+3

▶Ubuntumozilla/thunderbird< 1:91.7.0+build2-0ubuntu0.18.04.1+1

🔴Vulnerability Details

OSV

CVE-2022-0566: It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the↗2022-12-22

▶

GHSA

GHSA-3jgp-624h-phx4: It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-03-23

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-03-23

▶

Red Hat

thunderbird: Crafted email could trigger an out-of-bounds write↗2022-02-17

▶

Debian

CVE-2022-0566: thunderbird - It may be possible for an attacker to craft an email message that causes Thunder...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-07: CVE-2022-0566↗

▶