CVE-2017-7805

Published: 29 September 2017

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (56.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (56.0+build6-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (56.0+build6-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [56.0+build6-0ubuntu0.14.04.1])
nss
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (2:3.32-1ubuntu3)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:3.28.4-0ubuntu0.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:3.28.4-0ubuntu0.14.04.3)
Patches:
Upstream: https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (52.4.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:52.4.0+build1-0ubuntu2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:52.4.0+build1-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:52.4.0+build1-0ubuntu0.14.04.2])