PT-2019-3440 · Mozilla+5 · Thunderbird+5

Luis Merino

Published

2019-06-13

Updated

2024-06-15

CVE-2019-11705

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.7.1

Description A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur add bydayrules when processing certain email messages, resulting in a potentially exploitable crash. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For Thunderbird versions prior to 60.7.1, update to version 60.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of email messages that may trigger the icalrecur add bydayrules function until a patch is available.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALT-PU-2019-2075

ALT-PU-2019-2078

BDU:2019-03611

CESA-2019_1623

CESA-2019_1624

CESA-2019_1626

CVE-2019-11705

DLA-1820-1

DSA-4464-1

MGASA-2019-0193

OPENSUSE-SU-2019:1583-1

OPENSUSE-SU-2019:1606-1

OPENSUSE-SU-2019:1664-1

OPENSUSE-SU-2019_1577-1

OPENSUSE-SU-2019_1583-1

OPENSUSE-SU-2019_1606-1

OPENSUSE-SU-2024:10601-1

RHSA-2019:1623

RHSA-2019:1624

RHSA-2019:1626

RHSA-2019_1623

RHSA-2019_1624

RHSA-2019_1626

SUSE-SU-2019:1495-1

SUSE-SU-2019:1683-1

USN-4028-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Thunderbird

Ubuntu

PT-2019-3440 · Mozilla+5 · Thunderbird+5

CVE-2019-11705

Weakness Enumeration

Related Identifiers

Affected Products

References · 446