#VU23050 Out-of-bounds write


Published: 2019-11-28

Vulnerability identifier: #VU23050

Vulnerability risk: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11745

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mozilla NSS
Universal components / Libraries / Libraries used by multiple products

Vendor: Mozilla

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the NSC_EncryptUpdate() function in /lib/softoken/pkcs11c.c, when performing padding operations in Mozilla NSS. A remote attacker can pass specially crafted data to the affected application, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Mozilla NSS: 3.0.1, 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.4.4, 3.3.4.5, 3.3.4.6, 3.3.4.7, 3.3.4.8, 3.3.11, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.5, 3.6, 3.6.1, 3.7, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 3.7.8, 3.7.9, 3.7.10, 3.7.11, 3.8, 3.8.1, 3.8.2, 3.9, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.10, 3.10.1, 3.10.2, 3.11, 3.11.1, 3.11.2, 3.11.3, 3.11.4, 3.11.5, 3.11.6, 3.11.7, 3.11.8, 3.11.9, 3.11.10, 3.12, 3.12.1, 3.12.2, 3.12.3, 3.12.3.1, 3.12.3.2, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.12.9, 3.12.9.1, 3.12.10, 3.12.11, 3.13, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.13.5, 3.13.6, 3.14, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.15, 3.15.1, 3.15.2, 3.15.3, 3.15.3.1, 3.15.4, 3.15.5, 3.16, 3.16.1, 3.16.2, 3.16.2.1, 3.16.2.2, 3.16.2.3, 3.16.3, 3.16.4, 3.16.5, 3.16.6, 3.17, 3.17.1, 3.17.2, 3.17.3, 3.17.4, 3.18, 3.18.1, 3.19, 3.19.1, 3.19.2, 3.19.2.1, 3.19.2.2, 3.19.2.3, 3.19.2.4, 3.19.3, 3.19.4, 3.20, 3.20.1, 3.20.2, 3.21, 3.21.1, 3.21.2, 3.21.3, 3.21.4, 3.22, 3.22.1, 3.22.2, 3.22.3, 3.23, 3.24, 3.25, 3.25.1, 3.26, 3.26.1, 3.26.2, 3.27, 3.27.1, 3.27.2, 3.28, 3.28.1, 3.28.2, 3.28.3, 3.28.4, 3.28.5, 3.28.6, 3.29, 3.29.1, 3.29.2, 3.29.3, 3.29.4, 3.29.5, 3.30, 3.30.1, 3.30.2, 3.31, 3.31.1, 3.32, 3.32.1, 3.33, 3.34, 3.34.1, 3.35, 3.36, 3.36.1, 3.36.2, 3.36.3, 3.36.4, 3.36.5, 3.36.6, 3.36.7, 3.36.8, 3.37, 3.37.1, 3.37.2, 3.37.3, 3.38, 3.39, 3.40, 3.40.1, 3.41, 3.41.1, 3.42, 3.42.1, 3.43, 3.44, 3.44.1, 3.44.2, 3.45, 3.46, 3.46.1, 3.47

External links
https://hg.mozilla.org/projects/nss/rev/4c20de402b3901df0cde590a46be2ba49adc028e
https://hg.mozilla.org/projects/nss/rev/60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

