Bug 2170377 (CVE-2023-0767) - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
Summary: CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-0767
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2176392 2176620 2176621 2176622 2176623 2176624 2176625 2176626 2176627 2176628 2176629 2176630 2176631 2177157 2177158 2177159 2177160 2177161 2177162 2177218 2178006
Blocks: 2177152
TreeView+ depends on / blocked
 
Reported: 2023-02-16 09:09 UTC by Dhananjay Arunesh
Modified: 2023-06-11 12:00 UTC (History)
16 users (show)

Fixed In Version: firefox 102.8, thunderbird 102.8, nss 3.88.1, nss 3.79.4
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Clone Of:
Environment:
Last Closed: 2023-03-23 13:47:02 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:1260 0 None None None 2023-03-15 15:20:09 UTC
Red Hat Product Errata RHBA-2023:1261 0 None None None 2023-03-15 15:34:43 UTC
Red Hat Product Errata RHBA-2023:1264 0 None None None 2023-03-15 15:44:26 UTC
Red Hat Product Errata RHBA-2023:1265 0 None None None 2023-03-15 15:56:57 UTC
Red Hat Product Errata RHBA-2023:1305 0 None None None 2023-03-16 14:28:25 UTC
Red Hat Product Errata RHBA-2023:1313 0 None None None 2023-03-16 16:27:28 UTC
Red Hat Product Errata RHBA-2023:1316 0 None None None 2023-03-16 19:37:47 UTC
Red Hat Product Errata RHBA-2023:1317 0 None None None 2023-03-16 19:44:48 UTC
Red Hat Product Errata RHBA-2023:1318 0 None None None 2023-03-16 20:22:21 UTC
Red Hat Product Errata RHBA-2023:1319 0 None None None 2023-03-20 00:31:19 UTC
Red Hat Product Errata RHBA-2023:1331 0 None None None 2023-03-20 09:04:09 UTC
Red Hat Product Errata RHBA-2023:1339 0 None None None 2023-03-20 11:02:03 UTC
Red Hat Product Errata RHBA-2023:1340 0 None None None 2023-03-20 11:07:05 UTC
Red Hat Product Errata RHBA-2023:1341 0 None None None 2023-03-20 11:51:16 UTC
Red Hat Product Errata RHBA-2023:1345 0 None None None 2023-03-20 13:23:33 UTC
Red Hat Product Errata RHBA-2023:1346 0 None None None 2023-03-20 13:47:18 UTC
Red Hat Product Errata RHBA-2023:1347 0 None None None 2023-03-20 14:53:05 UTC
Red Hat Product Errata RHBA-2023:1348 0 None None None 2023-03-20 15:31:18 UTC
Red Hat Product Errata RHBA-2023:1349 0 None None None 2023-03-20 15:14:39 UTC
Red Hat Product Errata RHBA-2023:1355 0 None None None 2023-03-20 16:36:26 UTC
Red Hat Product Errata RHBA-2023:1356 0 None None None 2023-03-20 17:36:27 UTC
Red Hat Product Errata RHBA-2023:1371 0 None None None 2023-03-21 11:13:59 UTC
Red Hat Product Errata RHBA-2023:1373 0 None None None 2023-03-21 12:23:41 UTC
Red Hat Product Errata RHBA-2023:1375 0 None None None 2023-03-21 13:54:28 UTC
Red Hat Product Errata RHBA-2023:1380 0 None None None 2023-03-21 15:07:09 UTC
Red Hat Product Errata RHBA-2023:1381 0 None None None 2023-03-21 15:54:05 UTC
Red Hat Product Errata RHBA-2023:1389 0 None None None 2023-03-21 20:29:22 UTC
Red Hat Product Errata RHBA-2023:1390 0 None None None 2023-03-21 21:14:08 UTC
Red Hat Product Errata RHBA-2023:1429 0 None None None 2023-03-23 07:49:34 UTC
Red Hat Product Errata RHBA-2023:1432 0 None None None 2023-03-23 09:05:55 UTC
Red Hat Product Errata RHBA-2023:1450 0 None None None 2023-03-23 18:17:06 UTC
Red Hat Product Errata RHBA-2023:1480 0 None None None 2023-03-27 16:00:23 UTC
Red Hat Product Errata RHBA-2023:1481 0 None None None 2023-03-27 16:25:51 UTC
Red Hat Product Errata RHBA-2023:1482 0 None None None 2023-03-27 16:00:31 UTC
Red Hat Product Errata RHBA-2023:1521 0 None None None 2023-03-29 14:41:32 UTC
Red Hat Product Errata RHBA-2023:1535 0 None None None 2023-03-30 15:01:44 UTC
Red Hat Product Errata RHBA-2023:1737 0 None None None 2023-04-11 23:23:57 UTC
Red Hat Product Errata RHBA-2023:1740 0 None None None 2023-04-12 13:35:44 UTC
Red Hat Product Errata RHSA-2023:1252 0 None None None 2023-03-15 10:00:52 UTC
Red Hat Product Errata RHSA-2023:1332 0 None None None 2023-03-20 09:25:47 UTC
Red Hat Product Errata RHSA-2023:1365 0 None None None 2023-03-21 08:17:55 UTC
Red Hat Product Errata RHSA-2023:1366 0 None None None 2023-03-21 09:33:42 UTC
Red Hat Product Errata RHSA-2023:1368 0 None None None 2023-03-21 09:33:27 UTC
Red Hat Product Errata RHSA-2023:1369 0 None None None 2023-03-21 09:43:15 UTC
Red Hat Product Errata RHSA-2023:1370 0 None None None 2023-03-21 09:43:21 UTC
Red Hat Product Errata RHSA-2023:1406 0 None None None 2023-03-22 10:37:22 UTC
Red Hat Product Errata RHSA-2023:1436 0 None None None 2023-03-23 09:05:46 UTC
Red Hat Product Errata RHSA-2023:1479 0 None None None 2023-03-27 15:11:48 UTC
Red Hat Product Errata RHSA-2023:1677 0 None None None 2023-04-10 01:30:35 UTC

Description Dhananjay Arunesh 2023-02-16 09:09:10 UTC 
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767
Comment 1 errata-xmlrpc 2023-02-20 08:16:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0806 https://access.redhat.com/errata/RHSA-2023:0806
Comment 2 errata-xmlrpc 2023-02-20 08:18:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0805 https://access.redhat.com/errata/RHSA-2023:0805
Comment 3 errata-xmlrpc 2023-02-20 08:23:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0809 https://access.redhat.com/errata/RHSA-2023:0809
Comment 4 errata-xmlrpc 2023-02-20 08:25:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0810 https://access.redhat.com/errata/RHSA-2023:0810
Comment 5 errata-xmlrpc 2023-02-20 08:25:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0807 https://access.redhat.com/errata/RHSA-2023:0807
Comment 6 errata-xmlrpc 2023-02-20 08:26:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0811 https://access.redhat.com/errata/RHSA-2023:0811
Comment 7 errata-xmlrpc 2023-02-20 08:27:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0808 https://access.redhat.com/errata/RHSA-2023:0808
Comment 8 errata-xmlrpc 2023-02-20 08:27:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0812 https://access.redhat.com/errata/RHSA-2023:0812
Comment 9 errata-xmlrpc 2023-02-20 12:12:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0818 https://access.redhat.com/errata/RHSA-2023:0818
Comment 10 errata-xmlrpc 2023-02-20 12:12:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0819 https://access.redhat.com/errata/RHSA-2023:0819
Comment 11 errata-xmlrpc 2023-02-20 12:16:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0822 https://access.redhat.com/errata/RHSA-2023:0822
Comment 12 errata-xmlrpc 2023-02-20 12:16:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0817 https://access.redhat.com/errata/RHSA-2023:0817
Comment 13 errata-xmlrpc 2023-02-20 12:17:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0824 https://access.redhat.com/errata/RHSA-2023:0824
Comment 14 errata-xmlrpc 2023-02-20 12:17:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0820 https://access.redhat.com/errata/RHSA-2023:0820
Comment 15 errata-xmlrpc 2023-02-20 12:17:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0821 https://access.redhat.com/errata/RHSA-2023:0821
Comment 16 errata-xmlrpc 2023-02-20 12:18:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0823 https://access.redhat.com/errata/RHSA-2023:0823
Comment 17 Product Security DevOps Team 2023-02-20 17:51:18 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-0767
Comment 20 Mauro Matteo Cascella 2023-03-08 10:00:14 UTC 
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 2176392]
Comment 42 Sandipan Roy 2023-03-10 08:17:49 UTC 
Upstream Patch: https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad
Comment 49 errata-xmlrpc 2023-03-15 10:00:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1252 https://access.redhat.com/errata/RHSA-2023:1252
Comment 50 errata-xmlrpc 2023-03-20 09:25:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1332 https://access.redhat.com/errata/RHSA-2023:1332
Comment 51 errata-xmlrpc 2023-03-21 08:17:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1365 https://access.redhat.com/errata/RHSA-2023:1365
Comment 52 errata-xmlrpc 2023-03-21 09:33:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1368 https://access.redhat.com/errata/RHSA-2023:1368
Comment 53 errata-xmlrpc 2023-03-21 09:33:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2023:1366 https://access.redhat.com/errata/RHSA-2023:1366
Comment 54 errata-xmlrpc 2023-03-21 09:43:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1369 https://access.redhat.com/errata/RHSA-2023:1369
Comment 55 errata-xmlrpc 2023-03-21 09:43:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1370 https://access.redhat.com/errata/RHSA-2023:1370
Comment 56 errata-xmlrpc 2023-03-22 10:37:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1406 https://access.redhat.com/errata/RHSA-2023:1406
Comment 57 errata-xmlrpc 2023-03-23 09:05:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1436 https://access.redhat.com/errata/RHSA-2023:1436
Comment 58 Product Security DevOps Team 2023-03-23 13:46:59 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-0767
Comment 59 errata-xmlrpc 2023-03-27 15:11:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1479 https://access.redhat.com/errata/RHSA-2023:1479
Comment 60 errata-xmlrpc 2023-04-10 01:30:32 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2023:1677 https://access.redhat.com/errata/RHSA-2023:1677
Note You need to log in before you can comment on or make changes to this bug.