FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Affected packages
3.32 <= nss < 3.32.1
3.28 <= nss < 3.28.6
3.28 <= linux-c6-nss < 3.28.4_2
3.28 <= linux-c7-nss < 3.28.4_2


VuXML ID e71fd9d3-af47-11e7-a633-009c02a2ab30
Discovery 2017-08-04
Entry 2017-10-12
Modified 2018-01-29

Mozilla reports:

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.


CVE Name CVE-2017-7805