1728436 – (CVE-2019-11719) CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key

Bug 1728436 (CVE-2019-11719) - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key

Summary: CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-11719
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1733035 1733036 1770065
Blocks:	1729336
TreeView+	depends on / blocked

Reported:	2019-07-10 00:27 UTC by Doran Moppert
Modified:	2021-02-26 05:51 UTC (History)
CC List:	44 users (show)
Fixed In Version:	nss 3.36.8, nss 3.44.1, nss 3.47
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-07-31 01:18:23 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:1951	0	None	None	None	2019-07-30 19:49:55 UTC
Red Hat Product Errata	RHSA-2020:4076	0	None	None	None	2020-09-29 20:57:55 UTC

Description Doran Moppert 2019-07-10 00:27:29 UTC

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719

Comment 1 Doran Moppert 2019-07-10 00:27:32 UTC

Acknowledgments:

Name: the Mozilla project
Upstream: Henry Corrigan-Gibbs

Comment 5 Doran Moppert 2019-07-12 01:26:00 UTC

Statement:

Firefox on Red Hat Enterprise Linux is built against the system nss library.

Comment 7 errata-xmlrpc 2019-07-30 19:49:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1951 https://access.redhat.com/errata/RHSA-2019:1951

Comment 8 Product Security DevOps Team 2019-07-31 01:18:23 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-11719

Comment 9 Joshua Padman 2019-07-31 05:13:11 UTC

This vulnerability is out of security support scope for the following product:
 * Red Hat Enterprise Application Platform 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 10 Mark Cooper 2019-10-04 02:45:59 UTC

The library nss-altfiles does not share any import and/or certificate code with nss. 
 * nss-altfiles only reads information from files in same format as /etc/passwd and /etc/group

Comment 14 errata-xmlrpc 2020-09-29 20:57:52 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4076 https://access.redhat.com/errata/RHSA-2020:4076

Note You need to log in before you can comment on or make changes to this bug.

ahardin
asoldano
bbaranow
bleanhar
bmaxwell
bmontgom
brian.stansberry
ccoleman
cdewolf
chazlett
crypto-team
darran.lofthouse
dedgar
dosoudil
dueno
elio.maldonado.batiz
eparis
iweiss
jawilson
jburrell
jgoulding
jhorak
jokerman
jperkins
kdudka
kengert
krathod
kwills
lgao
mchappel
msochure
msvehla
nss-nspr-maint
nstielau
nwallace
pmackay
psotirop
rguimara
rsvoboda
smaestri
sponnaga
stransky
tom.jenkinson
twalsh