CVE-2019-20503

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-20503
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20503.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-20503
Downstream
Related
Published
2020-03-06T20:15:12Z
Modified
2025-09-19T11:01:52.614369Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

References

Affected packages

Git / github.com/sctplab/usrsctp

Affected ranges

Type
GIT
Repo
https://github.com/sctplab/usrsctp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
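Fixed
[no fix commit is shown in this record; the signatures under "Database specific" cite commit 790a7a2555aefb392a5a69923f1e9d17b4968467 as their source]
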
Affected versions

0.*

0.9.3.0

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-20503-14ff5ff7",
            "digest": {
                "line_hashes": [
                    "327730508206728550863753806873793731736",
                    "232271758629531299930137668846449714744",
                    "194005753297318196458770335547941487347",
                    "86204924904057636553596664040784693774",
                    "244136754859619190609903659491420283679",
                    "44612721252499536122830739299996825008",
                    "116186934364462999016852279057551526709",
                    "64501329213993218393816168186692126019",
                    "119328532300576277392225218027534876256",
                    "329598022706840916657844249803604086365",
                    "176396067618788986641177387171929621588"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "target": {
                "file": "usrsctplib/netinet/sctp_pcb.c"
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467"
        },
        {
            "id": "CVE-2019-20503-185f67a0",
            "digest": {
                "length": 3188.0,
                "function_hash": "27420102985421191217555899899753575960"
            },
            "signature_version": "v1",
            "target": {
                "file": "usrsctplib/netinet/sctp_auth.c",
                "function": "sctp_auth_get_cookie_params"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467"
        },
        {
            "id": "CVE-2019-20503-e574742e",
            "digest": {
                "line_hashes": [
                    "198649497057395982509242331217339772045",
                    "326714267827621994314007627938541425994",
                    "200687103341371863484723060369228893508",
                    "35232636956357906578787539674949587156",
                    "293811026459325849753854165102556642130",
                    "187752912983013076529152616624826225304",
                    "177037905624134339009325707825459025466"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "target": {
                "file": "usrsctplib/netinet/sctp_auth.c"
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467"
        },
        {
            "id": "CVE-2019-20503-e903d135",
            "digest": {
                "length": 12999.0,
                "function_hash": "72565663288024329373879027215936898435"
            },
            "signature_version": "v1",
            "target": {
                "file": "usrsctplib/netinet/sctp_pcb.c",
                "function": "sctp_load_addresses_from_init"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467"
        }
    ]
}