ID CVE-2017-7805
Summary During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:52.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 01:30)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1471171
title CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment nss is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832005
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-devel is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832009
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364016
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832007
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364018
      • AND
        • comment nss-sysinit is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832013
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
      • AND
        • comment nss-tools is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832011
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment nss is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832022
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-devel is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832021
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364016
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832019
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364018
      • AND
        • comment nss-sysinit is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832023
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
      • AND
        • comment nss-tools is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832020
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
rhsa
id RHSA-2017:2832
released 2017-09-28
severity Important
title RHSA-2017:2832: nss security update (Important)
rpms
  • nss-0:3.28.4-4.el6_9
  • nss-devel-0:3.28.4-4.el6_9
  • nss-pkcs11-devel-0:3.28.4-4.el6_9
  • nss-sysinit-0:3.28.4-4.el6_9
  • nss-tools-0:3.28.4-4.el6_9
  • nss-0:3.28.4-12.el7_4
  • nss-devel-0:3.28.4-12.el7_4
  • nss-pkcs11-devel-0:3.28.4-12.el7_4
  • nss-sysinit-0:3.28.4-12.el7_4
  • nss-tools-0:3.28.4-12.el7_4
refmap via4
bid 101059
confirm
debian
  • DSA-3987
  • DSA-3998
  • DSA-4014
gentoo GLSA-201803-14
mlist [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
sectrack 1039465
Last major update 17-10-2018 - 01:30
Published 11-06-2018 - 21:29