CVE-2017-7805

HIGH

Description

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages, but in some cases the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are subsequently calculated. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/101059

http://www.securitytracker.com/id/1039465

https://access.redhat.com/errata/RHSA-2017:2832

https://bugzilla.mozilla.org/show_bug.cgi?id=1377618

https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html

https://security.gentoo.org/glsa/201803-14

https://www.debian.org/security/2017/dsa-3987

https://www.debian.org/security/2017/dsa-3998

https://www.debian.org/security/2017/dsa-4014

https://www.mozilla.org/security/advisories/mfsa2017-21/

https://www.mozilla.org/security/advisories/mfsa2017-22/

https://www.mozilla.org/security/advisories/mfsa2017-23/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-10-17

Type: CWE-416

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127350 | NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0112) | Nessus | NewStart CGSL Local Security Checks | high |
| 124900 | EulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397) | Nessus | Huawei Local Security Checks | medium |
| 119229 | Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-2832) | Nessus | Virtuozzo Local Security Checks | high |
| 700331 | Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 700321 | Mozilla Firefox < 56 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 109912 | Solaris 10 (x86) : 119214-37 | Nessus | Solaris Local Security Checks | high |
| 109911 | Solaris 10 (sparc) : 119213-37 | Nessus | Solaris Local Security Checks | high |
| 108820 | GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 106884 | GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 104542 | SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-2) | Nessus | SuSE Local Security Checks | critical |
| 104340 | Debian DSA-4014-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 104335 | Debian DLA-1153-1 : icedove/thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 104254 | SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-1) | Nessus | SuSE Local Security Checks | critical |
| 103988 | Debian DLA-1138-1 : nss security update | Nessus | Debian Local Security Checks | high |
| 103938 | EulerOS 2.0 SP2 : nss (EulerOS-SA-2017-1247) | Nessus | Huawei Local Security Checks | high |
| 103937 | EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1246) | Nessus | Huawei Local Security Checks | high |
| 103828 | FreeBSD : nss -- Use-after-free in TLS 1.2 generating handshake hashes (e71fd9d3-af47-11e7-a633-009c02a2ab30) | Nessus | FreeBSD Local Security Checks | high |
| 103824 | Amazon Linux AMI : nss (ALAS-2017-911) | Nessus | Amazon Linux Local Security Checks | high |
| 103808 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3436-1) | Nessus | Ubuntu Local Security Checks | critical |
| 103798 | openSUSE Security Update : MozillaThunderbird (openSUSE-2017-1144) | Nessus | SuSE Local Security Checks | critical |
| 103794 | Debian DSA-3998-1 : nss - security update | Nessus | Debian Local Security Checks | high |
| 103768 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2688-1) | Nessus | SuSE Local Security Checks | critical |
| 103680 | Mozilla Firefox < 56 Multiple Vulnerabilities | Nessus | Windows | critical |
| 103679 | Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities | Nessus | Windows | critical |
| 103678 | Mozilla Firefox < 56 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 103677 | Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 103667 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3435-2) | Nessus | Ubuntu Local Security Checks | critical |
| 103646 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3435-1) | Nessus | Ubuntu Local Security Checks | critical |
| 103642 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : nss vulnerability (USN-3431-1) | Nessus | Ubuntu Local Security Checks | high |
| 103621 | openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114) | Nessus | SuSE Local Security Checks | critical |
| 103595 | Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (20170929) | Nessus | Scientific Linux Local Security Checks | high |
| 103579 | Debian DSA-3987-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 103576 | Debian DLA-1118-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 103574 | CentOS 6 / 7 : nss (CESA-2017:2832) | Nessus | CentOS Local Security Checks | high |
| 103562 | RHEL 6 / 7 : nss (RHSA-2017:2832) | Nessus | Red Hat Local Security Checks | high |
| 103559 | Oracle Linux 6 / 7 : nss (ELSA-2017-2832) | Nessus | Oracle Linux Local Security Checks | high |
| 103556 | FreeBSD : mozilla -- multiple vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07) | Nessus | FreeBSD Local Security Checks | critical |