CVE-2017-7805 (retired)

Priority
Description
During TLS 1.2 exchanges, handshake hashes are generated which point to a
message buffer. This saved data is used for later messages but in some
cases, the handshake transcript can exceed the space available in the
current buffer, causing the allocation of a new buffer. This leaves a
pointer pointing to the old, freed buffer, resulting in a use-after-free
when handshake hashes are then calculated afterwards. This can result in a
potentially exploitable crash. This vulnerability affects Firefox < 56,
Firefox ESR < 52.4, and Thunderbird < 52.4.
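The stale-pointer pattern in the description, shown as an added C example that is not NSS code or the upstream patch: a saved position into a growable buffer is kept as an offset and resolved at use time, so it stays valid when growth moves the storage. The names `transcript`, `span`, `tr_append` and `tr_resolve` are hypothetical, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable transcript buffer; these are not NSS's own types. */
typedef struct { unsigned char *buf; size_t len, cap; } transcript;
/* A saved position kept as offset + length stays valid across reallocation. */
typedef struct { size_t off, len; } span;
/* Append n bytes, moving to a fresh allocation when space runs out.
 * Returns 1 if the storage moved, 0 if not, -1 on failure. */
static int tr_append(transcript *t, const void *data, size_t n) {
    int moved = 0;
    if (n > SIZE_MAX - t->len) return -1;
    if (t->len + n > t->cap) {
        size_t ncap = t->cap ? t->cap : 16;
        while (ncap < t->len + n) {
            if (ncap > SIZE_MAX / 2) return -1;
            ncap *= 2;
        }
        unsigned char *nb = malloc(ncap);
        if (!nb) return -1;
        if (t->len) memcpy(nb, t->buf, t->len);
        free(t->buf);   /* a raw pointer saved into the old storage now dangles */
        t->buf = nb; t->cap = ncap; moved = 1;
    }
    memcpy(t->buf + t->len, data, n);
    t->len += n;
    return moved;
}

/* Resolve a span against the current storage, rejecting out-of-range spans. */
static const unsigned char *tr_resolve(const transcript *t, span s) {
    if (s.off > t->len || s.len > t->len - s.off) return NULL;
    return t->buf + s.off;
}

/* Constructed scenario: save a position, grow past capacity, read it back. */
static int demo(void) {
    transcript t = { malloc(8), 0, 8 };
    if (!t.buf) return -1;
    span saved = { 0, 5 };
    int first = tr_append(&t, "hello", 5);
    int moved = tr_append(&t, "0123456789abcdef", 16);
    const unsigned char *p = tr_resolve(&t, saved);
    int ok = first == 0 && moved == 1 && p && memcmp(p, "hello", 5) == 0;
    free(t.buf);
    return ok;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

Building a test harness around code like this with AddressSanitizer (`-fsanitize=address`) reports any remaining read through a pointer into the freed storage.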
Assigned-to
chrisccoulson
Package
Upstream:released (56.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (56.0+build6-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (56.0+build6-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (56.0+build6-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (56.0+build6-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (56.0+build6-0ubuntu1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.28.4-0ubuntu0.12.04.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.28.4-0ubuntu0.14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:3.28.4-0ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (2:3.32-1ubuntu3)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2:3.32-1ubuntu3)
Ubuntu 19.04 (Disco Dingo):released (2:3.32-1ubuntu3)
Patches:
Upstream:https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925
Package
Upstream:released (52.4.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1:52.4.0+build1-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:52.4.0+build1-0ubuntu0.16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:52.4.0+build1-0ubuntu2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:52.4.0+build1-0ubuntu2)
Ubuntu 19.04 (Disco Dingo):released (1:52.4.0+build1-0ubuntu2)

Updated: 2019-03-26 12:26:28 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)