CVE-2020-26970

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-26970

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26970.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-26970

Downstream

DEBIAN-CVE-2020-26970

DLA-2479-1

DSA-4802-1

RHSA-2020:5398

RHSA-2020:5399

RHSA-2020:5400

RHSA-2020:5644

RHSA-2020:5645

SUSE-SU-2020:3642-1

SUSE-SU-2020:3935-1

UBUNTU-CVE-2020-26970

openSUSE-SU-2024:10601-1

Related

Published

2020-12-09T01:15:13Z

Modified

2025-08-09T20:01:27Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

References

Affected packages