CVE-2019-20503

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-20503
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20503.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-20503
Published
2020-03-06T20:15:12Z
Modified
2025-10-15T10:49:15.901502Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

References

Affected packages

Git / github.com/sctplab/usrsctp

Affected ranges

Type
GIT
Repo
https://github.com/sctplab/usrsctp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.9.3.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467",
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "usrsctplib/netinet/sctp_pcb.c"
        },
        "id": "CVE-2019-20503-14ff5ff7",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        }
    },
    {
        "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467",
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "sctp_auth_get_cookie_params",
            "file": "usrsctplib/netinet/sctp_auth.c"
        },
        "id": "CVE-2019-20503-185f67a0",
        "digest": {
            "function_hash": "27420102985421191217555899899753575960",
            "length": 3188.0
        }
    },
    {
        "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467",
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "usrsctplib/netinet/sctp_auth.c"
        },
        "id": "CVE-2019-20503-e574742e",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        }
    },
    {
        "source": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467",
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "sctp_load_addresses_from_init",
            "file": "usrsctplib/netinet/sctp_pcb.c"
        },
        "id": "CVE-2019-20503-e903d135",
        "digest": {
            "function_hash": "72565663288024329373879027215936898435",
            "length": 12999.0
        }
    }
]