Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-11759

Medium

6.8/10

Summary

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

Advisory Timeline

Published Jan 08, 2020

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-11759

Summary

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS