CVE-2019-20503
First published: Fri Mar 06 2020(Updated: )
Last updated 24 July 2024
Credit: natashenka Google Project Zero cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <68.6 | 68.6 |
| Mozilla Thunderbird | <68.6 | 68.6 |
| redhat/firefox | <68.6 | 68.6 |
| redhat/thunderbird | <68.6 | 68.6 |
| redhat/chromium-browser | <80.0.3987.149 | 80.0.3987.149 |
| Mozilla Firefox | <74 | 74 |
| usrsctp project usrsctp | <2019-12-20 | |
| tvOS | <13.4.5 | 13.4.5 |
| debian/chromium | 120.0.6099.224-1~deb11u1 131.0.6778.139-1~deb12u1 133.0.6943.98-1~deb12u1 133.0.6943.98-1 | |
| debian/firefox | 135.0-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.7.0esr-1~deb11u1 128.5.0esr-1~deb12u1 128.7.0esr-1~deb12u1 128.7.0esr-1 | |
| debian/libusrsctp | 0.9.3.0+20201102-2 0.9.5.0-2 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.7.0esr-1~deb11u1 1:128.5.0esr-1~deb12u1 1:128.7.0esr-1~deb12u1 1:128.6.0esr-1 | |
| Apple Mobile Safari | <13.1.1 | 13.1.1 |
| Apple iOS, iPadOS, and watchOS | <13.5 | 13.5 |
| Apple iOS, iPadOS, and watchOS | <13.5 | 13.5 |
| Apple iOS, iPadOS, and watchOS | <6.2.5 | 6.2.5 |
| usrsctp project usrsctp | <0.9.4.0 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211177 (Advisory)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
- https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
- https://www.debian.org/security/2020/dsa-4639
- https://security.gentoo.org/glsa/202003-02
- https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html
- https://security.gentoo.org/glsa/202003-10
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
- https://access.redhat.com/errata/RHSA-2020:0815
- https://access.redhat.com/errata/RHSA-2020:0816
- https://access.redhat.com/errata/RHSA-2020:0819
- https://access.redhat.com/errata/RHSA-2020:0820
- https://www.debian.org/security/2020/dsa-4642
- https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
- https://crbug.com/1059349
- https://usn.ubuntu.com/4299-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
- https://www.debian.org/security/2020/dsa-4645
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
- https://usn.ubuntu.com/4328-1/
- https://usn.ubuntu.com/4335-1/
- https://support.apple.com/kb/HT211168
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211175
- https://support.apple.com/kb/HT211177
- http://seclists.org/fulldisclosure/2020/May/49
- http://seclists.org/fulldisclosure/2020/May/59
- http://seclists.org/fulldisclosure/2020/May/55
- http://seclists.org/fulldisclosure/2020/May/52
- https://support.apple.com/HT211168
- https://support.apple.com/HT211171
- https://support.apple.com/HT211175
- https://support.apple.com/HT211177
- https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html
- https://launchpad.net/bugs/cve/CVE-2019-20503
- https://support.apple.com/en-us/HT211175 (Advisory)
- https://support.apple.com/en-us/HT211171 (Advisory)
- https://support.apple.com/en-us/HT211168 (Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
- https://access.redhat.com/security/cve/cve-2019-20503
- https://access.redhat.com/errata/RHSA-2020:0905
- https://access.redhat.com/errata/RHSA-2020:0918
- https://access.redhat.com/errata/RHSA-2020:0919
- https://access.redhat.com/errata/RHSA-2020:0914
- https://bugs.chromium.org/p/chromium/issues/detail?id=1059349
- https://hg.mozilla.org/releases/mozilla-release/rev/23240642f474d6b4e435b509ab0885fe79759a3d
- https://github.com/sctplab/usrsctp/commit/790a7a2
- https://access.redhat.com/errata/RHSA-2020:1270
- https://bugzilla.redhat.com/show_bug.cgi?id=1812203
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
- https://security-tracker.debian.org/tracker/CVE-2019-20503
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20503
- https://nvd.nist.gov/vuln/detail/CVE-2019-20503
- https://ubuntu.com/security/CVE-2019-20503
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-6805
- CVE-2020-6806
- CVE-2020-6807
- CVE-2020-6811
- CVE-2019-20503
- CVE-2020-6812
- CVE-2020-6814
- CVE-2020-6808
- CVE-2020-6809
- CVE-2020-6810
- CVE-2020-6813
- CVE-2020-6815
- CVE-2020-9827
- CVE-2020-9842
- CVE-2020-9815
- CVE-2020-9791
- CVE-2020-9829
- CVE-2020-9816
- CVE-2020-3878
- CVE-2020-9789
- CVE-2020-9790
- CVE-2020-9837
- CVE-2020-9821
- CVE-2020-9797
- CVE-2020-9852
- CVE-2020-9795
- CVE-2020-9808
- CVE-2020-9811
- CVE-2020-9812
- CVE-2020-9813
- CVE-2020-9814
- CVE-2020-9809
- CVE-2020-9994
- CVE-2014-9512
- CVE-2020-9854
- CVE-2020-9794
- CVE-2020-9839
- CVE-2020-9805
- CVE-2020-9802
- CVE-2020-9850
- CVE-2020-9843
- CVE-2020-9803
- CVE-2020-9806
- CVE-2020-9807
- CVE-2020-9800
- CVE-2020-9801
- CVE-2020-9826
- CVE-2020-6616
- CVE-2020-9838
- CVE-2020-9835
- CVE-2020-9820
- CVE-2020-9819
- CVE-2020-9818
- CVE-2020-9823
- CVE-2020-9848
- CVE-2020-9825
- CVE-2020-9792
- CVE-2020-9844
- CVE-2020-9830
Frequently Asked Questions
What is CVE-2019-20503?
CVE-2019-20503 is a vulnerability in WebRTC that allows for out of bounds reads when parameters are partially outside a chunk.
How does CVE-2019-20503 impact Mozilla Firefox?
CVE-2019-20503 affects Mozilla Firefox version up to 74 and Firefox ESR version up to 68.6, potentially allowing for out of bounds reads.
How does CVE-2019-20503 impact Apple Safari, iOS, iPadOS, watchOS, and tvOS?
CVE-2019-20503 impacts Apple Safari, iOS, iPadOS, watchOS, and tvOS versions up to 13.1.1, 13.5, 13.5, 6.2.5, and 13.4.5 respectively, potentially allowing for out of bounds reads.
What is the severity of CVE-2019-20503?
CVE-2019-20503 is classified as a medium severity vulnerability with a severity score of 4 out of 10.
How can I fix CVE-2019-20503?
To fix CVE-2019-20503, update to the latest version of the affected software, such as Mozilla Firefox 74 or Apple Safari 13.1.1.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-20503
- agent/severity
- agent/weakness
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- collector/apple-support
- agent/event
- agent/author
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- vendor/mozilla
- canonical/mozilla firefox esr
- canonical/mozilla thunderbird
- package-manager/redhat
- canonical/mozilla firefox
- vendor/usrsctp project
- canonical/usrsctp project usrsctp
- vendor/apple
- canonical/tvos
- package-manager/debian
- canonical/apple mobile safari
- canonical/apple ios, ipados, and watchos
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- version/debian/10.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10