CVE-2017-7805: Use After Free in Mozilla Firefox

CWE-416: Use After Free | 15 documents | 7 sources

Severity: 7.5 HIGH (NVD) | OSV: 9.8
EPSS: 3.2% (top 12.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 11 | Latest update May 14

Description

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox <

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (13 packages)

debian | debian/firefox | < firefox 56.0-1 (sid)
CVEListV5 | mozilla/firefox | unspecified | 56
debian | debian/firefox-esr | < firefox 56.0-1 (sid)
CVEListV5 | mozilla/firefox_esr | unspecified | 52.4
Ubuntu | mozilla/firefox | < 56.0+build6-0ubuntu0.14.04.1+3

Also affects: Debian Linux 7.0, 8.0, 9.0

Vulnerability Details (5)

GHSA | GHSA-595h-pjc7-9xf6: During TLS 1 | 2022-05-14
OSV | CVE-2017-7805: During TLS 1 | 2018-06-11
OSV | thunderbird vulnerabilities | 2017-10-11
OSV | firefox regression | 2017-10-04
OSV | firefox vulnerabilities | 2017-10-02

Vendor Advisories (6)

Ubuntu | Thunderbird vulnerabilities | 2017-10-11
Ubuntu | Firefox regression | 2017-10-04
Ubuntu | NSS vulnerability | 2017-10-02
Ubuntu | Firefox vulnerabilities | 2017-10-02
Red Hat | nss: Potential use-after-free in TLS 1.2 server when verifying client authentication | 2017-09-28

Community (3)

Bugzilla | CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication [fedora-all] | 2017-09-28
Bugzilla | CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication | 2017-07-14
Bugzilla | Potential UAF in TLS 1.2 server when verifying client authentication | 2017-07-01