FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: e71fd9d3-af47-11e7-a633-009c02a2ab30
Description: nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports:

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.


Discovery 2017-08-04
Entry 2017-10-12
Modified 2018-01-29
nss: ge 3.32 lt 3.32.1; ge 3.28 lt 3.28.6
linux-c6-nss: ge 3.28 lt 3.28.4_2
linux-c7-nss: ge 3.28 lt 3.28.4_2

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
https://hg.mozilla.org/projects/nss/rev/2d7b65b72290
https://hg.mozilla.org/projects/nss/rev/d3865e2957d0
CVE-2017-7805

VuXML ID: 4cb165f0-6e48-423e-8147-92255d35c0f7
Description: NSS -- multiple vulnerabilities

Mozilla Foundation reports:

An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.


Discovery 2017-03-17
Entry 2017-04-19
nss, linux-f10-nss, linux-c6-nss, linux-c7-nss: ge 3.30 lt 3.30.1; ge 3.29 lt 3.29.5; ge 3.22 lt 3.28.4; < 3.21.4

CVE-2017-5461
CVE-2017-5462
https://hg.mozilla.org/projects/nss/rev/99a86619eac9
https://hg.mozilla.org/projects/nss/rev/e126381a3c29