CVE-2019-20503

Name	CVE-2019-20503
Description	usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2140-1, DLA-2150-1, DLA-3481-1, DSA-4639-1, DSA-4642-1, DSA-4645-1
Debian Bugs	953270

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chromium (PTS)	buster, buster (security)	90.0.4430.212-1~deb10u1	fixed
	bullseye	116.0.5845.180-1~deb11u1	fixed
	bullseye (security)	119.0.6045.199-1~deb11u1	fixed
	bookworm	116.0.5845.180-1~deb12u1	fixed
	bookworm (security)	119.0.6045.199-1~deb12u1	fixed
	trixie	119.0.6045.159-1	fixed
	sid	119.0.6045.199-1	fixed
firefox (PTS)	sid	120.0.1-1	fixed
firefox-esr (PTS)	buster	91.12.0esr-1~deb10u1	fixed
	buster (security)	115.5.0esr-1~deb10u1	fixed
	bullseye	102.15.0esr-1~deb11u1	fixed
	bullseye (security)	115.5.0esr-1~deb11u1	fixed
	bookworm	102.15.1esr-1~deb12u1	fixed
	bookworm (security)	115.5.0esr-1~deb12u1	fixed
	sid, trixie	115.5.0esr-1	fixed
libusrsctp (PTS)	buster	0.9.3.0+20190127-2	vulnerable
	buster (security)	0.9.3.0+20190127-2+deb10u1	fixed
	bullseye	0.9.3.0+20201102-2	fixed
	sid, trixie, bookworm	0.9.5.0-2	fixed
thunderbird (PTS)	buster	1:91.12.0-1~deb10u1	fixed
	buster (security)	1:115.5.0-1~deb10u1	fixed
	bullseye	1:102.13.1-1~deb11u1	fixed
	bullseye (security)	1:115.5.0-1~deb11u1	fixed
	bookworm	1:102.15.1-1~deb12u1	fixed
	bookworm (security)	1:115.5.0-1~deb12u1	fixed
	trixie	1:115.5.0-1	fixed
	sid	1:115.5.1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
chromium	source	stretch	(unfixed)	end-of-life
chromium	source	buster	80.0.3987.149-1~deb10u1		DSA-4645-1
chromium	source	(unstable)	80.0.3987.149-1
firefox	source	(unstable)	74.0-1
firefox-esr	source	jessie	68.6.0esr-1~deb8u1		DLA-2140-1
firefox-esr	source	stretch	68.6.0esr-1~deb9u1		DSA-4639-1
firefox-esr	source	buster	68.6.0esr-1~deb10u1		DSA-4639-1
firefox-esr	source	(unstable)	68.6.0esr-1
libusrsctp	source	buster	0.9.3.0+20190127-2+deb10u1		DLA-3481-1
libusrsctp	source	(unstable)	0.9.3.0+20200312-1			953270
thunderbird	source	jessie	1:68.6.0-1~deb8u1		DLA-2150-1
thunderbird	source	stretch	1:68.6.0-1~deb9u1		DSA-4642-1
thunderbird	source	buster	1:68.6.0-1~deb10u1		DSA-4642-1
thunderbird	source	(unstable)	1:68.6.0-1

Notes

[stretch] - chromium <end-of-life> (see DSA 4562)
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467