PT-2017-3377 · Mozilla+5 · Firefox Esr+7

Martin Thomson

·

Publicado

2017-06-30

·

Atualizado

2024-12-12

·

CVE-2017-7805

CVSS v2.0

7.6

Alta

VetorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 56 Mozilla Firefox ESR versions prior to 52.4 Thunderbird versions prior to 52.4
Description The issue is related to a use-after-free error in the implementation of the TLS 1.2 protocol. This occurs when the handshake transcript exceeds the available space in the current buffer, causing the allocation of a new buffer and leaving a pointer to the old, freed buffer. As a result, a use-after-free error happens when handshake hashes are calculated, potentially leading to a crash.
Recommendations For Mozilla Firefox versions prior to 56, update to version 56 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 52.4, update to version 52.4 or later to resolve the issue. For Thunderbird versions prior to 52.4, update to version 52.4 or later to resolve the issue.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2017-2358
ALT-PU-2017-2437
ALT-PU-2017-2652
ALT-PU-2017-2703
ALT-PU-2017-2739
BDU:2018-00159
CESA-2017_2832
CVE-2017-7805
DLA-1118-1
DLA-1138-1
DLA-1153-1
DSA-3987-1
DSA-3998-1
DSA-4014-1
MGASA-2017-0361
MGASA-2018-0018
OPENSUSE-SU-2017:2707-1
OPENSUSE-SU-2017:2710-1
OPENSUSE-SU-2017_2615-1
OPENSUSE-SU-2017_2710-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2017:2832
RHSA-2017_2832
SUSE-SU-2017:2688-1
SUSE-SU-2017:2872-1
SUSE-SU-2017:2872-2
USN-3431-1
USN-3435-1
USN-3435-2
USN-3436-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu