CVE-2017-7805 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2017-7805?

CVE-2017-7805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-7805?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird, Debian Debian Linux.

Vulnerability Description

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	52.4.0
Mozilla	Thunderbird	52.4.0
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-416

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/101059Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039465Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2832Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1377618Issue TrackingVendor Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00000.htmlThird Party Advisory
https://security.gentoo.org/glsa/201803-14Third Party Advisory
https://www.debian.org/security/2017/dsa-3987Third Party Advisory
https://www.debian.org/security/2017/dsa-3998Third Party Advisory
https://www.debian.org/security/2017/dsa-4014Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-21/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-22/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-23/Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/101059Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-7805?

CVE-2017-7805 is a vulnerability with a CVSS score of 7.5 (HIGH). During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space av...

How severe is CVE-2017-7805?

CVE-2017-7805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7805?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird, Debian Debian Linux.