CVE-2019-20503
First published: Fri Mar 06 2020(Updated: )
Last updated 24 July 2024
Credit: natashenka Google Project Zero cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/firefox | <68.6 | 68.6 |
| redhat/thunderbird | <68.6 | 68.6 |
| redhat/chromium-browser | <80.0.3987.149 | 80.0.3987.149 |
| tvOS | <13.4.5 | 13.4.5 |
| Apple iOS, iPadOS, and watchOS | <6.2.5 | 6.2.5 |
| Thunderbird | <68.6 | 68.6 |
| libusrsctp | <2019-12-20 | |
| Firefox | <74 | 74 |
| Firefox ESR | <68.6 | 68.6 |
| Safari | <13.1.1 | 13.1.1 |
| libusrsctp | <0.9.4.0 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 | |
| Apple iOS and iPadOS | <13.5 | 13.5 |
| Apple iOS, iPadOS, and macOS | <13.5 | 13.5 |
| debian/chromium | 120.0.6099.224-1~deb11u1 134.0.6998.35-1~deb12u1 135.0.7049.84-1~deb12u1 135.0.7049.52-1 135.0.7049.84-1 | |
| debian/firefox | 137.0.1-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.9.0esr-1~deb11u1 128.8.0esr-1~deb12u1 128.9.0esr-1~deb12u1 128.9.0esr-2 | |
| debian/libusrsctp | 0.9.3.0+20201102-2 0.9.5.0-2 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.9.0esr-1~deb11u1 1:128.8.0esr-1~deb12u1 1:128.9.0esr-1~deb12u1 1:128.9.0esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211177 (Advisory)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
- https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
- https://www.debian.org/security/2020/dsa-4639
- https://security.gentoo.org/glsa/202003-02
- https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html
- https://security.gentoo.org/glsa/202003-10
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
- https://access.redhat.com/errata/RHSA-2020:0815
- https://access.redhat.com/errata/RHSA-2020:0816
- https://access.redhat.com/errata/RHSA-2020:0819
- https://access.redhat.com/errata/RHSA-2020:0820
- https://www.debian.org/security/2020/dsa-4642
- https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
- https://crbug.com/1059349
- https://usn.ubuntu.com/4299-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
- https://www.debian.org/security/2020/dsa-4645
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
- https://usn.ubuntu.com/4328-1/
- https://usn.ubuntu.com/4335-1/
- https://support.apple.com/kb/HT211168
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211175
- https://support.apple.com/kb/HT211177
- http://seclists.org/fulldisclosure/2020/May/49
- http://seclists.org/fulldisclosure/2020/May/59
- http://seclists.org/fulldisclosure/2020/May/55
- http://seclists.org/fulldisclosure/2020/May/52
- https://support.apple.com/HT211168
- https://support.apple.com/HT211171
- https://support.apple.com/HT211175
- https://support.apple.com/HT211177
- https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html
- https://launchpad.net/bugs/cve/CVE-2019-20503
- https://support.apple.com/en-us/HT211175 (Advisory)
- https://support.apple.com/en-us/HT211171 (Advisory)
- https://support.apple.com/en-us/HT211168 (Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
- https://access.redhat.com/security/cve/cve-2019-20503
- https://access.redhat.com/errata/RHSA-2020:0905
- https://access.redhat.com/errata/RHSA-2020:0918
- https://access.redhat.com/errata/RHSA-2020:0919
- https://access.redhat.com/errata/RHSA-2020:0914
- https://bugs.chromium.org/p/chromium/issues/detail?id=1059349
- https://hg.mozilla.org/releases/mozilla-release/rev/23240642f474d6b4e435b509ab0885fe79759a3d
- https://github.com/sctplab/usrsctp/commit/790a7a2
- https://access.redhat.com/errata/RHSA-2020:1270
- https://bugzilla.redhat.com/show_bug.cgi?id=1812203
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
- https://security-tracker.debian.org/tracker/CVE-2019-20503
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20503
- https://nvd.nist.gov/vuln/detail/CVE-2019-20503
- https://ubuntu.com/security/CVE-2019-20503
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9827
- CVE-2020-9842
- CVE-2020-9815
- CVE-2020-9791
- CVE-2020-9829
- CVE-2020-9816
- CVE-2020-3878
- CVE-2020-9789
- CVE-2020-9790
- CVE-2020-9837
- CVE-2020-9821
- CVE-2020-9797
- CVE-2020-9852
- CVE-2020-9795
- CVE-2020-9808
- CVE-2020-9811
- CVE-2020-9812
- CVE-2020-9813
- CVE-2020-9814
- CVE-2020-9809
- CVE-2020-9994
- CVE-2014-9512
- CVE-2020-9854
- CVE-2020-9794
- CVE-2020-9839
- CVE-2020-9805
- CVE-2020-9802
- CVE-2020-9850
- CVE-2020-9843
- CVE-2020-9803
- CVE-2020-9806
- CVE-2020-9807
- CVE-2020-9800
- CVE-2019-20503
- CVE-2020-9819
- CVE-2020-9818
- CVE-2020-6805
- CVE-2020-6806
- CVE-2020-6807
- CVE-2020-6811
- CVE-2020-6812
- CVE-2020-6814
- CVE-2020-6808
- CVE-2020-6809
- CVE-2020-6810
- CVE-2020-6813
- CVE-2020-6815
- CVE-2020-9801
- CVE-2020-9826
- CVE-2020-6616
- CVE-2020-9838
- CVE-2020-9835
- CVE-2020-9820
- CVE-2020-9823
- CVE-2020-9848
- CVE-2020-9825
- CVE-2020-9792
- CVE-2020-9844
- CVE-2020-9830
Frequently Asked Questions
What is CVE-2019-20503?
CVE-2019-20503 is a vulnerability in WebRTC that allows for out of bounds reads when parameters are partially outside a chunk.
How does CVE-2019-20503 impact Mozilla Firefox?
CVE-2019-20503 affects Mozilla Firefox version up to 74 and Firefox ESR version up to 68.6, potentially allowing for out of bounds reads.
How does CVE-2019-20503 impact Apple Safari, iOS, iPadOS, watchOS, and tvOS?
CVE-2019-20503 impacts Apple Safari, iOS, iPadOS, watchOS, and tvOS versions up to 13.1.1, 13.5, 13.5, 6.2.5, and 13.4.5 respectively, potentially allowing for out of bounds reads.
What is the severity of CVE-2019-20503?
CVE-2019-20503 is classified as a medium severity vulnerability with a severity score of 4 out of 10.
How can I fix CVE-2019-20503?
To fix CVE-2019-20503, update to the latest version of the affected software, such as Mozilla Firefox 74 or Apple Safari 13.1.1.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-20503
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- collector/mozilla-advisory
- source/Mozilla
- collector/nvd-index
- agent/event
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/apple
- canonical/tvos
- canonical/apple ios, ipados, and watchos
- vendor/mozilla
- canonical/thunderbird
- vendor/usrsctp project
- canonical/libusrsctp
- canonical/firefox
- canonical/firefox esr
- canonical/safari
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10
- package-manager/debian
- canonical/apple ios and ipados
- canonical/apple ios, ipados, and macos