Your submission was sent successfully! Close

CVE-2017-7805

Published: 29 September 2017

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
artful
Released (56.0+build6-0ubuntu1)
bionic
Released (56.0+build6-0ubuntu1)
cosmic
Released (56.0+build6-0ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was released [56.0+build6-0ubuntu0.14.04.1])
upstream
Released (56.0)
xenial
Released (56.0+build6-0ubuntu0.16.04.1)
zesty
Released (56.0+build6-0ubuntu0.17.04.1)
nss
Launchpad, Ubuntu, Debian
artful
Released (2:3.32-1ubuntu3)
bionic
Released (2:3.32-1ubuntu3)
cosmic
Released (2:3.32-1ubuntu3)
precise
Released (2:3.28.4-0ubuntu0.12.04.2)
trusty
Released (2:3.28.4-0ubuntu0.14.04.3)
upstream Needs triage

xenial
Released (2:3.28.4-0ubuntu0.16.04.3)
zesty
Released (2:3.28.4-0ubuntu0.17.04.3)
Patches:
upstream: https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925
thunderbird
Launchpad, Ubuntu, Debian
artful
Released (1:52.4.0+build1-0ubuntu2)
bionic
Released (1:52.4.0+build1-0ubuntu2)
cosmic
Released (1:52.4.0+build1-0ubuntu2)
precise Does not exist

trusty Does not exist
(trusty was released [1:52.4.0+build1-0ubuntu0.14.04.2])
upstream
Released (52.4.0)
xenial
Released (1:52.4.0+build1-0ubuntu0.16.04.2)
zesty
Released (1:52.4.0+build1-0ubuntu0.17.04.2)