CVE-2019-11745 — Out-of-bounds Write in Mozilla Firefox
Severity
8.8HIGHNVD
EPSS
0.8%
top 25.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 8
Latest updateMay 24
Description
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages16 packages
Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 19.10, Enterprise Linux 6.6
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-gmvm-jpfj-v3f5: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could↗2022-05-24
OSV▶
CVE-2019-11745: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could↗2020-01-08
CVEList▶
CVE-2019-11745: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could↗2020-01-08
📋Vendor Advisories
8💬Community
1Bugzilla▶
CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate↗2019-11-21