CLD-57 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | nss |
Deficiency Type | SECURITY |
Date Created | 2017-09-28 21:31:58 |
Date Last Modified | 2017-09-28 22:13:48 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in nss-3.33-i686-1 |
Cucumber 1.0 x86_64 | fixed in nss-3.33-x86_64-1 and nss-lib_i686-3.33-lib_i686-1 |
Cucumber 1.1 i686 | fixed in nss-3.33-i686-1 |
Cucumber 1.1 x86_64 | fixed in nss-3.33-x86_64-1 and nss-lib_i686-3.33-lib_i686-1 |
Details:
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library
when client authentication was used. A malicious client could use this flaw to
cause an application compiled against NSS to crash or, potentially, execute
arbitrary code with the permission of the user running the application
(https://access.redhat.com/security/cve/CVE-2017-7805).
According to the Red Hat Bugzilla page about this vulnerability
(https://bugzilla.redhat.com/show_bug.cgi?id=1471171), this was fixed by Mozilla
in NSS commit 839200ce0943166a079284bdf45dcc37bb672925
(https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925).
This commit has been applied in version 3.33 of the NSS library.