RHSA-2017:2832

Affecting nss package, versions <0:3.28.4-12.el7_4

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.

CVE
RHSA-2017:2832
Snyk ID
SNYK-CENTOS7-NSS-421044
Published
27 Jun, 2018