Attachment #187103 for bug #222952

View | Details | Raw Unified | Return to bug 222952 | Differences between
Collapse All | Expand All




  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="e71fd9d3-af47-11e7-a633-009c02a2ab30">
    <topic>nss -- Use-after-free in TLS 1.2 generating handshake hashes</topic>
    <affects>
      <package>
	<name>nss</name>
	<range><lt>3.32.1</lt></range>
      </package>
      <package>
	<name>linux-c6-nss</name>
	<range><lt>3.32.1</lt></range>
      </package>
      <package>
	<name>linux-c7-nss</name>
	<range><lt>3.32.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mozilla reports:</p>
	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805">
	  <p>During TLS 1.2 exchanges, handshake hashes are generated which
	     point to a message buffer. This saved data is used for later
	     messages but in some cases, the handshake transcript can
	     exceed the space available in the current buffer, causing the
	     allocation of a new buffer. This leaves a pointer pointing to
	     the old, freed buffer, resulting in a use-after-free when
	     handshake hashes are then calculated afterwards. This can
	     result in a potentially exploitable crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805</url>
      <cvename>CVE-2017-7805</cvename>
    </references>
    <dates>
      <discovery>2017-08-04</discovery>
      <entry>2017-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="15a62f22-098a-443b-94e2-2d26c375b993">
    <topic>osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer</topic>
    <affects>

Return to bug 222952

Lines 58-63 Link Here

(-)security/vuxml/vuln.xml (+41 lines)
58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)	58	* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="e71fd9d3-af47-11e7-a633-009c02a2ab30">
		62	<topic>nss -- Use-after-free in TLS 1.2 generating handshake hashes</topic>
		63	<affects>
		64	<package>
		65	<name>nss</name>
		66	<range><lt>3.32.1</lt></range>
		67	</package>
		68	<package>
		69	<name>linux-c6-nss</name>
		70	<range><lt>3.32.1</lt></range>
		71	</package>
		72	<package>
		73	<name>linux-c7-nss</name>
		74	<range><lt>3.32.1</lt></range>
		75	</package>
		76	</affects>
		77	<description>
		78	<body xmlns="http://www.w3.org/1999/xhtml">
		79	<p>Mozilla reports:</p>
		80	<blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805">
		81	<p>During TLS 1.2 exchanges, handshake hashes are generated which
		82	point to a message buffer. This saved data is used for later
		83	messages but in some cases, the handshake transcript can
		84	exceed the space available in the current buffer, causing the
		85	allocation of a new buffer. This leaves a pointer pointing to
		86	the old, freed buffer, resulting in a use-after-free when
		87	handshake hashes are then calculated afterwards. This can
		88	result in a potentially exploitable crash.</p>
		89	</blockquote>
		90	</body>
		91	</description>
		92	<references>
		93	<url>https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805</url>
		94	<cvename>CVE-2017-7805</cvename>
		95	</references>
		96	<dates>
		97	<discovery>2017-08-04</discovery>
		98	<entry>2017-10-12</entry>
		99	</dates>
		100	</vuln>
		101
61	<vuln vid="15a62f22-098a-443b-94e2-2d26c375b993">	102	<vuln vid="15a62f22-098a-443b-94e2-2d26c375b993">
62	<topic>osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer</topic>	103	<topic>osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer</topic>
63	<affects>	104	<affects>