CVE-2017-11696

Priority
Description
Heap-based buffer overflow in the __hash_open function in
lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows
context-dependent attackers to have unspecified impact using a crafted
cert8.db file.
Notes
mdeslaur: Upstream NSS will not be fixing this issue.
This is an issue in libnssdbm. NSS 3.35 made SQLite the default
datastore. NSS 3.49 stopped building the legacy datastore.
Package
Source: nss (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): deferred
Ubuntu 14.04 ESM (Trusty Tahr): deferred
Ubuntu 16.04 LTS (Xenial Xerus): deferred
Ubuntu 18.04 LTS (Bionic Beaver): deferred
Ubuntu 20.04 LTS (Focal Fossa): not-affected (2:3.49.1-1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (2:3.49.1-1ubuntu1)

Updated: 2020-09-09 21:08:07 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)