Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 765085 (CVE-2020-16044) - [Tracker] SCTP COOKIE-ECHO use-after-free in Mozilla products (CVE-2020-16044)
Summary: [Tracker] SCTP COOKIE-ECHO use-after-free in Mozilla products (CVE-2020-16044)
Status: RESOLVED FIXED
Alias: CVE-2020-16044
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on: MFSA2021-01 MFSA-2021-02
Blocks: CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE-2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021-21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE-2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021-21140, CVE-2021-21141
  Show dependency tree
 
Reported: 2021-01-12 12:36 UTC by Sam James
Modified: 2021-01-22 18:29 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2021-01-12 12:36:49 UTC
"A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code."
Comment 1 John Helmert III (ajak) gentoo-dev Security 2021-01-22 18:29:36 UTC
All blockers closed, closing.