Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 765085 (CVE-2020-16044)

Summary: [Tracker] SCTP COOKIE-ECHO use-after-free in Mozilla products (CVE-2020-16044)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---
Bug Depends on: 764161, 765088    
Bug Blocks: 766207    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-12 12:36:49 UTC
"A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code."
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-01-22 18:29:36 UTC
All blockers closed, closing.