PT-2024-7939 · Mozilla+7 · Thunderbird+7

Thunderbird Team · Published 2024-09-03 · Updated 2024-12-27 · CVE-2024-8394

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.2

Description: The issue is related to a use-after-free bug that could be triggered when aborting the verification of an OTR chat session, potentially leading to a crash. This could be exploited by a remote attacker to cause a denial of service.

Recommendations: For versions prior to 128.2, update to version 128.2 or later to resolve the issue.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2024:6683
ALSA-2024:6684
ALT-PU-2024-13897
ALT-PU-2024-15841
BDU:2024-09443
CESA-2024_6684
CVE-2024-8394
INFSA-2024_6683
INFSA-2024_6684
OPENSUSE-SU-2024_3507-1
RHSA-2024:6683
RHSA-2024:6684
RHSA-2024:6719
RHSA-2024:6720
RHSA-2024:6721
RHSA-2024:6722
RHSA-2024:6723
RHSA-2024:6816
RHSA-2024_6683
RHSA-2024_6684
RLSA-2024:6683
RLSA-2024:6684
SUSE-SU-2024:3507-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
Rocky Linux
SUSE
Thunderbird