CVE-2019-13722
First published: Tue Dec 03 2019(Updated: )
When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. Note: this issue only occurs on Windows. Other operating systems are unaffected.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <68.3 | 68.3 |
| <71 | 71 | |
| <68.3 | 68.3 | |
| <68.3 | 68.3 | |
| Google Chrome | <79.0.3945.79 | 79.0.3945.79 |
| Google Chrome | <79.0.3945.79 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1580156
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html (Advisory)
- https://crbug.com/1025089
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-13725
- CVE-2019-13726
- CVE-2019-13727
- CVE-2019-13728
- CVE-2019-13729
- CVE-2019-13730
- CVE-2019-13732
- CVE-2019-13734
- CVE-2019-13735
- CVE-2019-13764
- CVE-2019-13736
- CVE-2019-13737
- CVE-2019-13738
- CVE-2019-13739
- CVE-2019-13740
- CVE-2019-13741
- CVE-2019-13742
- CVE-2019-13743
- CVE-2019-13744
- CVE-2019-13745
- CVE-2019-13746
- CVE-2019-13747
- CVE-2019-13748
- CVE-2019-13749
- CVE-2019-13750
- CVE-2019-13751
- CVE-2019-13752
- CVE-2019-13753
- CVE-2019-13754
- CVE-2019-13755
- CVE-2019-13756
- CVE-2019-13757
- CVE-2019-13758
- CVE-2019-13759
- CVE-2019-13761
- CVE-2019-13762
- CVE-2019-13763
- CVE-2019-17008
- CVE-2019-13722
- CVE-2019-11745
- CVE-2019-17009
- CVE-2019-17010
- CVE-2019-17005
- CVE-2019-17011
- CVE-2019-17012
- CVE-2019-11756
- CVE-2019-17014
- CVE-2019-17013
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-13722.
What is the title of the vulnerability?
The title of the vulnerability is 'Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attac…'
What is the description of the vulnerability?
The vulnerability occurs when setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. It only affects Windows operating system.
Which software versions are affected by this vulnerability?
Mozilla Thunderbird 68.3, Mozilla Firefox ESR 68.3, and Google Chrome up to version 79.0.3945.79 are affected by this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is high with a CVSS score of 6.5.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/chrome-releases
- agent/software-canonical-lookup-request
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/google
- canonical/google chrome
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- vendor/microsoft
- canonical/microsoft windows