FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 12:04:33 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e71fd9d3-af47-11e7-a633-009c02a2ab30nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports:

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.


Discovery 2017-08-04
Entry 2017-10-12
Modified 2018-01-29
nss
>= 3.32 lt 3.32.1

>= 3.28 lt 3.28.6

linux-c6-nss
>= 3.28 lt 3.28.4_2

linux-c7-nss
>= 3.28 lt 3.28.4_2

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
https://hg.mozilla.org/projects/nss/rev/2d7b65b72290
https://hg.mozilla.org/projects/nss/rev/d3865e2957d0
CVE-2017-7805
4cb165f0-6e48-423e-8147-92255d35c0f7NSS -- multiple vulnerabilities

Mozilla Foundation reports:

An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.


Discovery 2017-03-17
Entry 2017-04-19
nss
linux-f10-nss
linux-c6-nss
linux-c7-nss
>= 3.30 lt 3.30.1

>= 3.29 lt 3.29.5

>= 3.22 lt 3.28.4

< 3.21.4

CVE-2017-5461
CVE-2017-5462
https://hg.mozilla.org/projects/nss/rev/99a86619eac9
https://hg.mozilla.org/projects/nss/rev/e126381a3c29