CVE-2019-20503 – usrsctp: Out of bounds reads in sctp_load_addresses_from_init()

https://notcve.org/view.php?id=CVE-2019-20503

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. usrsctp versiones anteriores al 20-12-2019, presenta lecturas fuera de límites en la función sctp_load_addresses_from_init. The Mozilla Foundation Security Advisory describes this flaw as: The inputs to `sctp_load_addresses_from_init` are verified by `sctp_arethere_unrecognized_parameters`; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html http://seclists.org/fulldisclosure/2020/May/49 http://seclists.org/fulldisclosure/2020/May/52 http://seclists.org/fulldisclosure/2020/May/55 http://seclists.org/fulldisclosure/2020/May/59 https:/ • CWE-125: Out-of-bounds Read •