PT-2019-3411 · Mozilla+5 · Thunderbird+5

Luis Merino

Published

2019-06-12

Updated

2024-06-15

CVE-2019-11704

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.7.1

Description The issue is related to a heap buffer overflow in the icalmemory strdup and dequote function when processing certain email messages, potentially leading to a crash. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 60.7.1, update to version 60.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of email messages that could trigger the icalmemory strdup and dequote function until a patch is available.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2019-2075

ALT-PU-2019-2078

BDU:2019-03565

CESA-2019_1623

CESA-2019_1624

CESA-2019_1626

CVE-2019-11704

DLA-1820-1

DSA-4464-1

MGASA-2019-0193

OPENSUSE-SU-2019:1583-1

OPENSUSE-SU-2019:1606-1

OPENSUSE-SU-2019:1664-1

OPENSUSE-SU-2019_1577-1

OPENSUSE-SU-2019_1583-1

OPENSUSE-SU-2019_1606-1

OPENSUSE-SU-2024:10601-1

RHSA-2019:1623

RHSA-2019:1624

RHSA-2019:1626

RHSA-2019_1623

RHSA-2019_1624

RHSA-2019_1626

SUSE-SU-2019:1495-1

SUSE-SU-2019:1683-1

USN-4028-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Thunderbird

Ubuntu

PT-2019-3411 · Mozilla+5 · Thunderbird+5

CVE-2019-11704

Weakness Enumeration

Related Identifiers

Affected Products

References · 447