CLD-57 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-7805 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) nss
Deficiency Type SECURITY
Date Created 2017-09-28 21:31:58
Date Last Modified 2017-09-28 22:13:48

Version Specific Information:

Cucumber 1.0 i686fixed in nss-3.33-i686-1
Cucumber 1.0 x86_64fixed in nss-3.33-x86_64-1 and nss-lib_i686-3.33-lib_i686-1

Cucumber 1.1 i686 fixed in nss-3.33-i686-1
Cucumber 1.1 x86_64 fixed in nss-3.33-x86_64-1 and nss-lib_i686-3.33-lib_i686-1


A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library
when client authentication was used. A malicious client could use this flaw to
cause an application compiled against NSS to crash or, potentially, execute
arbitrary code with the permission of the user running the application

According to the Red Hat Bugzilla page about this vulnerability
(, this was fixed by Mozilla
in NSS commit 839200ce0943166a079284bdf45dcc37bb672925
This commit has been applied in version 3.33 of the NSS library.