Bug 1479197 (CVE-2017-7781)

Summary: CVE-2017-7781 Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)
Product: [Other] Security Response
Reporter: Doran Moppert <dmoppert>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: dueno, elio.maldonado.batiz, jhorak, kdudka, kengert, nss-nspr-maint, rrelyea, security-response-team, stransky
Target Milestone: ---
Keywords: Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2017-08-28 04:02:52 UTC
Bug Depends On: 1485769    
Bug Blocks: 1484228    

Description Doran Moppert 2017-08-08 06:38:04 UTC
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result `POINT_AT_INFINITY` when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.


External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781


Acknowledgements:

Name: the Mozilla project
Upstream: Antonio Sanso
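
An added example, not code from NSS or from this bug report: a differential test on a constructed toy curve that compares mixed Jacobian-affine addition against plain affine addition to catch a spurious point at infinity, the error class the description names. The curve parameters, all function names and the `handle_equal=False` faulty variant are assumptions made for illustration; the page does not say which branch of the NSS code was wrong.

```python
P, A, B = 97, 2, 3   # toy curve y^2 = x^3 + A*x + B over F_P (constructed, not an NSS curve)
INF = None           # affine encoding of the point at infinity

def affine_add(p1, p2):
    """Textbook affine addition, used as the reference result."""
    if p1 is INF or p2 is INF: return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return INF    # P + (-P)
    if p1 == p2:
        lam = (3*x1*x1 + A) * pow(2*y1 % P, -1, P)    # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)   # chord slope
    x3 = (lam*lam - x1 - x2) % P
    return (x3, (lam*(x1 - x3) - y1) % P)

def jac_double(X, Y, Z):
    """Doubling in Jacobian coordinates, where (X, Y, Z) means (X/Z^2, Y/Z^3)."""
    if Z == 0 or Y == 0: return (1, 1, 0)
    S, M = 4*X*Y*Y % P, (3*X*X + A*pow(Z, 4, P)) % P
    X3 = (M*M - 2*S) % P
    return (X3, (M*(S - X3) - 8*pow(Y, 4, P)) % P, 2*Y*Z % P)

def mixed_add(jp, q, handle_equal=True):
    """Jacobian jp plus affine q. handle_equal=False is a hypothetical faulty variant."""
    X1, Y1, Z1 = jp
    if q is INF: return jp
    if Z1 == 0: return (q[0], q[1], 1)
    H = (q[0]*Z1*Z1 - X1) % P               # zero when the x-coordinates match
    R = (q[1]*Z1**3 - Y1) % P               # zero when the y-coordinates match too
    if H == 0:
        if R == 0 and handle_equal:
            return jac_double(X1, Y1, Z1)   # P == Q: double, do not return infinity
        return (1, 1, 0)                    # P == -Q: genuine point at infinity
    H2 = H*H % P
    X3 = (R*R - H2*H - 2*X1*H2) % P
    return (X3, (R*(X1*H2 - X3) - Y1*H2*H) % P, Z1*H % P)

def to_affine(jp):
    X, Y, Z = jp
    if Z == 0: return INF
    zi = pow(Z, -1, P)
    return (X*zi*zi % P, Y*zi**3 % P)

def mismatches(add):
    """All (P, Q, got, want) where add(Jacobian P, affine Q) differs from the reference."""
    pts = [(x, y) for x in range(P) for y in range(P) if (y*y - x**3 - A*x - B) % P == 0]
    return [(p, q, got, want)
            for p in pts for z in (1, 5) for q in pts   # z: two Jacobian scalings of p
            for got, want in [(to_affine(add((p[0]*z*z % P, p[1]*z**3 % P, z), q)),
                               affine_add(p, q))] if got != want]
```

`mismatches(mixed_add)` is empty, while the faulty variant is flagged only on inputs where both operands are the same point and the reference result is a finite point.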

Comment 1 Tomas Hoger 2017-08-14 09:21:21 UTC
Upstream commit:

https://hg.mozilla.org/projects/nss/rev/6d1f5f958100

Upstream bug report, which is still non-public:

https://bugzilla.mozilla.org/show_bug.cgi?id=1352039

Comment 3 Huzaifa S. Sidhpurwala 2017-08-28 04:02:12 UTC
Created nss-softokn tracking bugs for this issue:

Affects: fedora-all [bug 1485769]