CVE-2020-6831

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 1.53 % (87^th)

Affected Products 6

Advisories 38

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-05-26 18:15:11
(4 years ago)
Updated Date: 2021-07-21 11:39:23
(3 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Opensuse

Leap

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 76.0 version	cpe:2.3:a:mozilla:firefox	< 76.0
Mozilla Firefox Esr prior 68.8.0 version	cpe:2.3:a:mozilla:firefox_esr	< 68.8.0
Mozilla Thunderbird prior 68.8.0 version	cpe:2.3:a:mozilla:thunderbird	< 68.8.0

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts

Configuration #3

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #4

		CPE23	From	Up To
	Opensuse Leap 15.2	cpe:2.3:o:opensuse:leap:15.2