Bug 1703979 (CVE-2019-17007) - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS.
Status: CLOSED NOTABUG
Alias: CVE-2019-17007
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1703987
Blocks: 1704005 1729336
Reported: 2019-04-29 08:42 UTC by Marian Rehak
Modified: 2019-11-28 06:45 UTC

Fixed In Version: nss 3.44
Last Closed: 2019-11-27 13:04:13 UTC



Description Marian Rehak 2019-04-29 08:42:16 UTC
The main entry point for decoding DER blobs in NSS, CERT_DecodeCertPackage(), mishandles old Netscape Certificate Sequences, with a possible crash as a NULL pointer is dereferenced, leading to DoS.

External References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1798

Comment 1 Marian Rehak 2019-04-29 08:42:31 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1703987]

Comment 3 Huzaifa S. Sidhpurwala 2019-05-07 04:30:46 UTC
Upstream commit: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de

Comment 4 Joshua Padman 2019-05-15 23:06:02 UTC
This vulnerability is out of security support scope for the following product:
 * Red Hat Enterprise Application Platform 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 5 Huzaifa S. Sidhpurwala 2019-07-16 04:49:09 UTC
Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216

Comment 6 Huzaifa S. Sidhpurwala 2019-11-27 13:01:10 UTC
This issue was addressed via upstream nss-3.44, which is already shipped with Red Hat Enterprise Linux 6, 7 and 8.

Comment 7 Huzaifa S. Sidhpurwala 2019-11-28 06:45:40 UTC
Statement:

This issue was addressed via upstream nss-3.44, which is already shipped with Red Hat Enterprise Linux 6, 7 and 8.

