FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e71fd9d3-af47-11e7-a633-009c02a2ab30	nss -- Use-after-free in TLS 1.2 generating handshake hashes Mozilla reports: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. Discovery 2017-08-04 Entry 2017-10-12 Modified 2018-01-29 nss ge 3.32 lt 3.32.1 ge 3.28 lt 3.28.6 linux-c6-nss ge 3.28 lt 3.28.4_2 linux-c7-nss ge 3.28 lt 3.28.4_2 https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805 https://hg.mozilla.org/projects/nss/rev/2d7b65b72290 https://hg.mozilla.org/projects/nss/rev/d3865e2957d0 CVE-2017-7805
47695a9c-5377-11ec-8be6-d4c9ef517024	NSS -- Memory corruption The Mozilla project reports: Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures (Critical) NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Discovery 2021-12-01 Entry 2021-12-02 nss < 3.73 CVE-2021-43527 https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/

VuXML ID

Description

e71fd9d3-af47-11e7-a633-009c02a2ab30

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports:

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.

Discovery 2017-08-04
Entry 2017-10-12
Modified 2018-01-29
nss

ge 3.32 lt 3.32.1

ge 3.28 lt 3.28.6

linux-c6-nss

ge 3.28 lt 3.28.4_2

linux-c7-nss

ge 3.28 lt 3.28.4_2

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
https://hg.mozilla.org/projects/nss/rev/2d7b65b72290
https://hg.mozilla.org/projects/nss/rev/d3865e2957d0
CVE-2017-7805

47695a9c-5377-11ec-8be6-d4c9ef517024

NSS -- Memory corruption

The Mozilla project reports:

Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures (Critical)

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.

Discovery 2021-12-01
Entry 2021-12-02
nss

< 3.73

CVE-2021-43527
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/