ID CVE-2017-7805
Summary During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 21-10-2024 - 13:11)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1471171
title CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment nss is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832001
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364006
      • AND
        • comment nss-devel is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832003
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364008
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832005
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-sysinit is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832007
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
      • AND
        • comment nss-tools is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832009
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment nss is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832012
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364006
      • AND
        • comment nss-devel is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832013
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364008
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832014
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-sysinit is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832015
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
      • AND
        • comment nss-tools is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832016
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
rhsa
id RHSA-2017:2832
released 2017-09-28
severity Important
title RHSA-2017:2832: nss security update (Important)
rpms
  • nss-0:3.28.4-12.el7_4
  • nss-0:3.28.4-4.el6_9
  • nss-debuginfo-0:3.28.4-12.el7_4
  • nss-debuginfo-0:3.28.4-4.el6_9
  • nss-devel-0:3.28.4-12.el7_4
  • nss-devel-0:3.28.4-4.el6_9
  • nss-pkcs11-devel-0:3.28.4-12.el7_4
  • nss-pkcs11-devel-0:3.28.4-4.el6_9
  • nss-sysinit-0:3.28.4-12.el7_4
  • nss-sysinit-0:3.28.4-4.el6_9
  • nss-tools-0:3.28.4-12.el7_4
  • nss-tools-0:3.28.4-4.el6_9
refmap via4
bid 101059
confirm
debian
  • DSA-3987
  • DSA-3998
  • DSA-4014
gentoo GLSA-201803-14
mlist [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
sectrack 1039465
Last major update 21-10-2024 - 13:11
Published 11-06-2018 - 21:29
Last modified 21-10-2024 - 13:11
Back to Top