CLD-57 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-7805 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) nss
Deficiency Type SECURITY
Date Created 2017-09-28 21:31:58
Date Last Modified 2017-09-28 22:13:48

Version Specific Information:

Cucumber 1.0 i686fixed in nss-3.33-i686-1
Cucumber 1.0 x86_64fixed in nss-3.33-x86_64-1 and nss-lib_i686-3.33-lib_i686-1

Cucumber 1.1 i686 fixed in nss-3.33-i686-1
Cucumber 1.1 x86_64 fixed in nss-3.33-x86_64-1 and nss-lib_i686-3.33-lib_i686-1

Details:

A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library
when client authentication was used. A malicious client could use this flaw to
cause an application compiled against NSS to crash or, potentially, execute
arbitrary code with the permission of the user running the application
(https://access.redhat.com/security/cve/CVE-2017-7805).

According to the Red Hat Bugzilla page about this vulnerability
(https://bugzilla.redhat.com/show_bug.cgi?id=1471171), this was fixed by Mozilla
in NSS commit 839200ce0943166a079284bdf45dcc37bb672925
(https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925).
This commit has been applied in version 3.33 of the NSS library.