PT-2019-3410 · Mozilla+5 · Thunderbird+5

Luis Merino

Published

2019-06-12

Updated

2024-06-15

CVE-2019-11703

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.7.1

Description A flaw in the implementation of iCal in Thunderbird causes a heap buffer overflow in parser get next char when processing certain email messages, resulting in a potentially exploitable crash. This issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For Thunderbird versions prior to 60.7.1, update to version 60.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of certain email messages that may trigger the heap buffer overflow in parser get next char until a patch is available.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2019-2075

ALT-PU-2019-2078

BDU:2019-03564

CESA-2019_1623

CESA-2019_1624

CESA-2019_1626

CVE-2019-11703

DLA-1820-1

DSA-4464-1

MGASA-2019-0193

OPENSUSE-SU-2019:1583-1

OPENSUSE-SU-2019:1606-1

OPENSUSE-SU-2019:1664-1

OPENSUSE-SU-2019_1577-1

OPENSUSE-SU-2019_1583-1

OPENSUSE-SU-2019_1606-1

OPENSUSE-SU-2024:10601-1

RHSA-2019:1623

RHSA-2019:1624

RHSA-2019:1626

RHSA-2019_1623

RHSA-2019_1624

RHSA-2019_1626

SUSE-SU-2019:1495-1

SUSE-SU-2019:1683-1

USN-4028-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Thunderbird

Ubuntu

PT-2019-3410 · Mozilla+5 · Thunderbird+5

CVE-2019-11703

Weakness Enumeration

Related Identifiers

Affected Products

References · 446