ID |
CVE-2017-7805
|
Summary |
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*
-
cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*
-
cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 21-10-2024 - 13:11) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-416 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1471171 | title | CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 6 is installed | oval | oval:com.redhat.rhba:tst:20111656003 |
OR | AND | comment | nss is earlier than 0:3.28.4-4.el6_9 | oval | oval:com.redhat.rhsa:tst:20172832001 |
comment | nss is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364006 |
|
AND | comment | nss-devel is earlier than 0:3.28.4-4.el6_9 | oval | oval:com.redhat.rhsa:tst:20172832003 |
comment | nss-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364008 |
|
AND | comment | nss-pkcs11-devel is earlier than 0:3.28.4-4.el6_9 | oval | oval:com.redhat.rhsa:tst:20172832005 |
comment | nss-pkcs11-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364010 |
|
AND | comment | nss-sysinit is earlier than 0:3.28.4-4.el6_9 | oval | oval:com.redhat.rhsa:tst:20172832007 |
comment | nss-sysinit is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364012 |
|
AND | comment | nss-tools is earlier than 0:3.28.4-4.el6_9 | oval | oval:com.redhat.rhsa:tst:20172832009 |
comment | nss-tools is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364014 |
|
|
|
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
OR | AND | comment | nss is earlier than 0:3.28.4-12.el7_4 | oval | oval:com.redhat.rhsa:tst:20172832012 |
comment | nss is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364006 |
|
AND | comment | nss-devel is earlier than 0:3.28.4-12.el7_4 | oval | oval:com.redhat.rhsa:tst:20172832013 |
comment | nss-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364008 |
|
AND | comment | nss-pkcs11-devel is earlier than 0:3.28.4-12.el7_4 | oval | oval:com.redhat.rhsa:tst:20172832014 |
comment | nss-pkcs11-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364010 |
|
AND | comment | nss-sysinit is earlier than 0:3.28.4-12.el7_4 | oval | oval:com.redhat.rhsa:tst:20172832015 |
comment | nss-sysinit is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364012 |
|
AND | comment | nss-tools is earlier than 0:3.28.4-12.el7_4 | oval | oval:com.redhat.rhsa:tst:20172832016 |
comment | nss-tools is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364014 |
|
|
|
|
| rhsa | id | RHSA-2017:2832 | released | 2017-09-28 | severity | Important | title | RHSA-2017:2832: nss security update (Important) |
|
| rpms | - nss-0:3.28.4-12.el7_4
- nss-0:3.28.4-4.el6_9
- nss-debuginfo-0:3.28.4-12.el7_4
- nss-debuginfo-0:3.28.4-4.el6_9
- nss-devel-0:3.28.4-12.el7_4
- nss-devel-0:3.28.4-4.el6_9
- nss-pkcs11-devel-0:3.28.4-12.el7_4
- nss-pkcs11-devel-0:3.28.4-4.el6_9
- nss-sysinit-0:3.28.4-12.el7_4
- nss-sysinit-0:3.28.4-4.el6_9
- nss-tools-0:3.28.4-12.el7_4
- nss-tools-0:3.28.4-4.el6_9
|
|
refmap
via4
|
bid | 101059 | confirm | | debian | - DSA-3987
- DSA-3998
- DSA-4014
| gentoo | GLSA-201803-14 | mlist | [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update | sectrack | 1039465 |
|
Last major update |
21-10-2024 - 13:11 |
Published |
11-06-2018 - 21:29 |
Last modified |
21-10-2024 - 13:11 |