CVE-2019-20503
First published: Fri Mar 06 2020(Updated: )
Last updated 24 July 2024
Credit: natashenka Google Project Zeronatashenka Google Project Zeronatashenka Google Project Zeronatashenka Google Project Zero cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <13.1.1 | 13.1.1 |
| Apple watchOS | <6.2.5 | 6.2.5 |
| Apple tvOS | <13.4.5 | 13.4.5 |
| Apple iOS | <13.5 | 13.5 |
| Apple iPadOS | <13.5 | 13.5 |
| Mozilla Firefox ESR | <68.6 | 68.6 |
| Mozilla Thunderbird | <68.6 | 68.6 |
| redhat/firefox | <68.6 | 68.6 |
| redhat/thunderbird | <68.6 | 68.6 |
| redhat/chromium-browser | <80.0.3987.149 | 80.0.3987.149 |
| Mozilla Firefox | <74 | 74 |
| Usrsctp Project Usrsctp | <2019-12-20 | |
| Usrsctp Project Usrsctp | <0.9.4.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| debian/chromium | 120.0.6099.224-1~deb11u1 128.0.6613.84-1~deb12u1 130.0.6723.69-1~deb12u1 129.0.6668.89-1 130.0.6723.69-1 | |
| debian/firefox | 131.0.3-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.3.1esr-1~deb11u1 115.14.0esr-1~deb12u1 128.3.1esr-1~deb12u1 128.3.1esr-2 | |
| debian/libusrsctp | 0.9.3.0+20201102-2 0.9.5.0-2 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.16.0esr-1~deb11u1 1:115.12.0-1~deb12u1 1:115.16.0esr-1~deb12u1 1:128.3.2esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211177 (Advisory)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
- https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
- https://www.debian.org/security/2020/dsa-4639
- https://security.gentoo.org/glsa/202003-02
- https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html
- https://security.gentoo.org/glsa/202003-10
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
- https://access.redhat.com/errata/RHSA-2020:0815
- https://access.redhat.com/errata/RHSA-2020:0816
- https://access.redhat.com/errata/RHSA-2020:0819
- https://access.redhat.com/errata/RHSA-2020:0820
- https://www.debian.org/security/2020/dsa-4642
- https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
- https://crbug.com/1059349
- https://usn.ubuntu.com/4299-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
- https://www.debian.org/security/2020/dsa-4645
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
- https://usn.ubuntu.com/4328-1/
- https://usn.ubuntu.com/4335-1/
- https://support.apple.com/kb/HT211168
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211175
- https://support.apple.com/kb/HT211177
- http://seclists.org/fulldisclosure/2020/May/49
- http://seclists.org/fulldisclosure/2020/May/59
- http://seclists.org/fulldisclosure/2020/May/55
- http://seclists.org/fulldisclosure/2020/May/52
- https://support.apple.com/HT211168
- https://support.apple.com/HT211171
- https://support.apple.com/HT211175
- https://support.apple.com/HT211177
- https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html
- https://launchpad.net/bugs/cve/CVE-2019-20503
- https://support.apple.com/en-us/HT211175 (Advisory)
- https://support.apple.com/en-us/HT211171 (Advisory)
- https://support.apple.com/en-us/HT211168 (Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
- https://access.redhat.com/security/cve/cve-2019-20503
- https://access.redhat.com/errata/RHSA-2020:0905
- https://access.redhat.com/errata/RHSA-2020:0918
- https://access.redhat.com/errata/RHSA-2020:0919
- https://access.redhat.com/errata/RHSA-2020:0914
- https://bugs.chromium.org/p/chromium/issues/detail?id=1059349
- https://hg.mozilla.org/releases/mozilla-release/rev/23240642f474d6b4e435b509ab0885fe79759a3d
- https://github.com/sctplab/usrsctp/commit/790a7a2
- https://access.redhat.com/errata/RHSA-2020:1270
- https://bugzilla.redhat.com/show_bug.cgi?id=1812203
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
- https://security-tracker.debian.org/tracker/CVE-2019-20503
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20503
- https://nvd.nist.gov/vuln/detail/CVE-2019-20503
- https://ubuntu.com/security/CVE-2019-20503
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9801
- CVE-2020-9802
- CVE-2020-9805
- CVE-2020-9800
- CVE-2020-9806
- CVE-2020-9807
- CVE-2020-9850
- CVE-2020-9843
- CVE-2020-9803
- CVE-2019-20503
- CVE-2020-9827
- CVE-2020-9842
- CVE-2020-9815
- CVE-2020-9791
- CVE-2020-9829
- CVE-2020-9816
- CVE-2020-3878
- CVE-2020-9789
- CVE-2020-9790
- CVE-2020-9821
- CVE-2020-9797
- CVE-2020-9852
- CVE-2020-9795
- CVE-2020-9808
- CVE-2020-9811
- CVE-2020-9812
- CVE-2020-9813
- CVE-2020-9814
- CVE-2020-9809
- CVE-2020-9994
- CVE-2020-9819
- CVE-2020-9818
- CVE-2014-9512
- CVE-2020-9794
- CVE-2020-9839
- CVE-2020-9837
- CVE-2020-9854
- CVE-2020-9826
- CVE-2020-6616
- CVE-2020-9838
- CVE-2020-9835
- CVE-2020-9820
- CVE-2020-9823
- CVE-2020-9848
- CVE-2020-9825
- CVE-2020-9792
- CVE-2020-9844
- CVE-2020-9830
- CVE-2020-6805
- CVE-2020-6806
- CVE-2020-6807
- CVE-2020-6811
- CVE-2020-6812
- CVE-2020-6814
- CVE-2020-6808
- CVE-2020-6809
- CVE-2020-6810
- CVE-2020-6813
- CVE-2020-6815
Frequently Asked Questions
What is CVE-2019-20503?
CVE-2019-20503 is a vulnerability in WebRTC that allows for out of bounds reads when parameters are partially outside a chunk.
How does CVE-2019-20503 impact Mozilla Firefox?
CVE-2019-20503 affects Mozilla Firefox version up to 74 and Firefox ESR version up to 68.6, potentially allowing for out of bounds reads.
How does CVE-2019-20503 impact Apple Safari, iOS, iPadOS, watchOS, and tvOS?
CVE-2019-20503 impacts Apple Safari, iOS, iPadOS, watchOS, and tvOS versions up to 13.1.1, 13.5, 13.5, 6.2.5, and 13.4.5 respectively, potentially allowing for out of bounds reads.
What is the severity of CVE-2019-20503?
CVE-2019-20503 is classified as a medium severity vulnerability with a severity score of 4 out of 10.
How can I fix CVE-2019-20503?
To fix CVE-2019-20503, update to the latest version of the affected software, such as Mozilla Firefox 74 or Apple Safari 13.1.1.
- collector/apple-support
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/software-canonical-lookup-request
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-20503
- agent/description
- agent/severity
- agent/weakness
- agent/references
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/author
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/apple
- canonical/apple safari
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple ipados
- vendor/mozilla
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird
- package-manager/redhat
- canonical/mozilla firefox
- vendor/usrsctp project
- canonical/usrsctp project usrsctp
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- package-manager/debian