CVE-2022-0566

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1753094	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-07/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1753094	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-07/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:38

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1753094 - Issue Tracking, Permissions Required, Vendor Advisory~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1753094 - Issue Tracking, Permissions Required, Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2022-07/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2022-07/ - Vendor Advisory
Summary		(es) Es posible que un atacante cree un mensaje de correo electrónico que haga que Thunderbird realice una escritura fuera de los límites de un byte al procesar el mensaje. Esta vulnerabilidad afecta a Thunderbird < 91.6.1.

Information

Published : 2022-12-22 20:15

Updated : 2025-04-16 16:15

NVD link : CVE-2022-0566

Mitre link : CVE-2022-0566

CVE.ORG link : CVE-2022-0566

JSON object : View

Products Affected

mozilla

thunderbird

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-0566", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:12.647", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-07/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-07/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1."}, {"lang": "es", "value": "Es posible que un atacante cree un mensaje de correo electr\u00f3nico que haga que Thunderbird realice una escritura fuera de los l\u00edmites de un byte al procesar el mensaje. Esta vulnerabilidad afecta a Thunderbird < 91.6.1."}], "lastModified": "2025-04-16T16:15:19.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B362F37E-0127-41F2-BD0B-71EA9C832D15", "versionEndExcluding": "91.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}