Search for vulnerabilities
Vulnerability details: VCID-ywv1-b6gf-aaac
Vulnerability ID VCID-ywv1-b6gf-aaac
Aliases CVE-2020-26970
Summary When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-121 Stack-based Buffer Overflow
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26970.html
rhas Important https://access.redhat.com/errata/RHSA-2020:5398
rhas Important https://access.redhat.com/errata/RHSA-2020:5399
rhas Important https://access.redhat.com/errata/RHSA-2020:5400
rhas Important https://access.redhat.com/errata/RHSA-2020:5644
rhas Important https://access.redhat.com/errata/RHSA-2020:5645
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26970.json
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.00378 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
epss 0.01876 https://api.first.org/data/v1/epss?cve=CVE-2020-26970
generic_textual Medium https://bugzilla.mozilla.org/show_bug.cgi?id=1677338
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1903443
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26970
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2020-26970
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26970
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26970
archlinux High https://security.archlinux.org/AVG-1315
generic_textual Medium https://ubuntu.com/security/notices/USN-4701-1
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2020-53
generic_textual Medium https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26970.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26970.json
https://api.first.org/data/v1/epss?cve=CVE-2020-26970
https://bugzilla.mozilla.org/show_bug.cgi?id=1677338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26970
https://ubuntu.com/security/notices/USN-4701-1
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
https://www.mozilla.org/security/advisories/mfsa2020-53/
1903443 https://bugzilla.redhat.com/show_bug.cgi?id=1903443
ASA-202012-23 https://security.archlinux.org/ASA-202012-23
AVG-1315 https://security.archlinux.org/AVG-1315
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2020-26970 https://nvd.nist.gov/vuln/detail/CVE-2020-26970
mfsa2020-53 https://www.mozilla.org/en-US/security/advisories/mfsa2020-53
RHSA-2020:5398 https://access.redhat.com/errata/RHSA-2020:5398
RHSA-2020:5399 https://access.redhat.com/errata/RHSA-2020:5399
RHSA-2020:5400 https://access.redhat.com/errata/RHSA-2020:5400
RHSA-2020:5644 https://access.redhat.com/errata/RHSA-2020:5644
RHSA-2020:5645 https://access.redhat.com/errata/RHSA-2020:5645
USN-4701-1 https://usn.ubuntu.com/4701-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26970.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2020-26970
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-26970
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-26970
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.56384
EPSS Score 0.00184
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.