FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 16:00:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e71fd9d3-af47-11e7-a633-009c02a2ab30nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports:

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.


Discovery 2017-08-04
Entry 2017-10-12
Modified 2018-01-29
nss
>= 3.32 lt 3.32.1

>= 3.28 lt 3.28.6

linux-c6-nss
>= 3.28 lt 3.28.4_2

linux-c7-nss
>= 3.28 lt 3.28.4_2

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
https://hg.mozilla.org/projects/nss/rev/2d7b65b72290
https://hg.mozilla.org/projects/nss/rev/d3865e2957d0
CVE-2017-7805