Index: security/vuxml/vuln.xml =================================================================== --- security/vuxml/vuln.xml (revision 451868) +++ security/vuxml/vuln.xml (working copy) @@ -58,6 +58,44 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + nss -- Use-after-free in TLS 1.2 generating handshake hashes + + + nss + linux-c6-nss + linux-c7-nss + 3.323.32.1 + 3.283.28.6 + + + + +

Mozilla reports:

+
+

During TLS 1.2 exchanges, handshake hashes are generated which + point to a message buffer. This saved data is used for later + messages but in some cases, the handshake transcript can + exceed the space available in the current buffer, causing the + allocation of a new buffer. This leaves a pointer pointing to + the old, freed buffer, resulting in a use-after-free when + handshake hashes are then calculated afterwards. This can + result in a potentially exploitable crash.

+
+ +
+ + https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805 + https://hg.mozilla.org/projects/nss/rev/2d7b65b72290 + https://hg.mozilla.org/projects/nss/rev/d3865e2957d0 + CVE-2017-7805 + + + 2017-08-04 + 2017-10-12 + +
+ osip -- Improper Restriction of Operations within the Bounds of a Memory Buffer
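Review bot: the affected-version ranges in the new nss entry read as 3.32 up to 3.32.1 and 3.28 up to 3.28.6, which leaves 3.29 through 3.31 and everything older than 3.28 unmatched. Please check the referenced Mozilla advisory for whether those releases are also affected. If they are, widen the lower bounds so installed packages in that gap are flagged. The same two ranges are applied to nss, linux-c6-nss and linux-c7-nss together. If the linux-c6 and linux-c7 ports ship different NSS versions or carry their own revision suffixes, give them a separate package block with ranges matching what those ports actually shipped, in line with the "Do not forget port variants" reminder in the context above the entry.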