DEBIAN-CVE-2020-26970

DEBIAN-CVE-2020-26970 PUBLISHED CVSS 8.800000190734863 HIGH

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	thunderbird	0, 0, 0
Debian:11	thunderbird	0, 0, 0
Debian:12	thunderbird	0, 0, 0
Debian:13	thunderbird	0, 0, 0

Timeline

Dec 9, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-26970 advisory

Open in Interactive Console →