admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2017/7xxx/CVE-2017-7805.json
CVE Team e1a2844ced
- Synchronized data.
2018-10-16 21:06:21 -04:00

146 lines
5.1 KiB
JSON
Raw Blame History

{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "56"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.4"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.4"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free in TLS 1.2 generating handshake hashes"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1377618",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1377618"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-22/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-22/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-23/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-23/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "DSA-3987",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3987"
},
{
"name" : "DSA-3998",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3998"
},
{
"name" : "DSA-4014",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4014"
},
{
"name" : "GLSA-201803-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201803-14"
},
{
"name" : "RHSA-2017:2832",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2832"
},
{
"name" : "101059",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101059"
},
{
"name" : "1039465",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039465"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink