{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-0566", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-02T23:32:46.338Z", "dateReserved": "2022-02-11T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1."}], "affected": [{"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "91.6.1", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-07/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Crafted email could trigger an out-of-bounds write"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:32:46.338Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-07/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "B362F37E-0127-41F2-BD0B-71EA9C832D15", "versionEndExcluding": "91.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1."}, {"lang": "es", "value": "Es posible que un atacante cree un mensaje de correo electr\u00f3nico que haga que Thunderbird realice una escritura fuera de los l\u00edmites de un byte al procesar el mensaje. Esta vulnerabilidad afecta a Thunderbird &lt; 91.6.1."}], "id": "CVE-2022-0566", "lastModified": "2022-12-29T18:15:22.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:12.647", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1753094"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-07/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0850", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:91.7.0-2.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-03-14T00:00:00Z"}, {"advisory": "RHSA-2022:0845", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:91.7.0-2.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-03-14T00:00:00Z"}, {"advisory": "RHSA-2022:0847", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:91.7.0-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-14T00:00:00Z"}, {"advisory": "RHSA-2022:0843", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:91.7.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-03-14T00:00:00Z"}, {"advisory": "RHSA-2022:0853", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:91.7.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-03-14T00:00:00Z"}], "bugzilla": {"description": "thunderbird: Crafted email could trigger an out-of-bounds write", "id": "2055591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055591"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", "status": "verified"}, "cwe": "CWE-787", "details": ["It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.", "A flaw was found in Thunderbird. The vulnerability occurs due to an out-of-bounds write of one byte when processing the message. This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write."], "name": "CVE-2022-0566", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird:flatpak/thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-02-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0566\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0566\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566"], "threat_severity": "Moderate", "upstream_fix": "Thunderbird 91.6.1"}