// For flags

CVE-2019-20503

usrsctp: Out of bounds reads in sctp_load_addresses_from_init()

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

usrsctp versiones anteriores al 20-12-2019, presenta lecturas fuera de límites en la función sctp_load_addresses_from_init.

The Mozilla Foundation Security Advisory describes this flaw as:

The inputs to `sctp_load_addresses_from_init` are verified by `sctp_arethere_unrecognized_parameters`; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-03-06 CVE Reserved
  • 2020-03-06 CVE Published
  • 2024-06-30 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
References (40)
URL Tag Source
http://seclists.org/fulldisclosure/2020/May/49 Mailing List
http://seclists.org/fulldisclosure/2020/May/52 Mailing List
http://seclists.org/fulldisclosure/2020/May/55 Mailing List
http://seclists.org/fulldisclosure/2020/May/59 Mailing List
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html Third Party Advisory
https://crbug.com/1059349 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html Mailing List
https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html Mailing List
https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html Mailing List
https://support.apple.com/HT211168 Third Party Advisory
https://support.apple.com/HT211171 Third Party Advisory
https://support.apple.com/HT211175 Third Party Advisory
https://support.apple.com/HT211177 Third Party Advisory
https://support.apple.com/kb/HT211168 Third Party Advisory
https://support.apple.com/kb/HT211171 Third Party Advisory
https://support.apple.com/kb/HT211175 Third Party Advisory
https://support.apple.com/kb/HT211177 Third Party Advisory
URL Date SRC
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 2024-08-05
URL Date SRC
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 2024-06-27
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html 2024-06-27
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html 2024-06-27
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html 2024-06-27
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html 2024-06-27
https://access.redhat.com/errata/RHSA-2020:0815 2024-06-27
https://access.redhat.com/errata/RHSA-2020:0816 2024-06-27
https://access.redhat.com/errata/RHSA-2020:0819 2024-06-27
https://access.redhat.com/errata/RHSA-2020:0820 2024-06-27
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI 2024-06-27
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57 2024-06-27
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ 2024-06-27
https://security.gentoo.org/glsa/202003-02 2024-06-27
https://security.gentoo.org/glsa/202003-10 2024-06-27
https://usn.ubuntu.com/4299-1 2024-06-27
https://usn.ubuntu.com/4328-1 2024-06-27
https://usn.ubuntu.com/4335-1 2024-06-27
https://www.debian.org/security/2020/dsa-4639 2024-06-27
https://www.debian.org/security/2020/dsa-4642 2024-06-27
https://www.debian.org/security/2020/dsa-4645 2024-06-27
https://access.redhat.com/security/cve/CVE-2019-20503 2020-04-01
https://bugzilla.redhat.com/show_bug.cgi?id=1812203 2020-04-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Usrsctp Project
Search vendor "Usrsctp Project"
 Usrsctp
Search vendor "Usrsctp Project" for product "Usrsctp"
 < 0.9.4.0
Search vendor "Usrsctp Project" for product "Usrsctp" and version " < 0.9.4.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 18.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 19.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10"
-
Affected