Bug 2170377 (CVE-2023-0767) - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
Summary: CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-0767
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat 2176626, Red Hat 2176627, Red Hat 2176630, Red Hat 2176631, 2176392, Red Hat 2176620, Red Hat 2176621, Red Hat 2176622, Red Hat 2176623, Red Hat 2176624, Red Hat 2176625, Red Hat 2176628, Red Hat 2176629, Red Hat 2177157, Red Hat 2177158, Red Hat 2177159, Red Hat 2177160, Red Hat 2177161, Red Hat 2177162, Red Hat 2177218, Engineering 2178006
Blocks: Embargoed 2177152
Reported: 2023-02-16 09:09 UTC by Dhananjay Arunesh
Modified: 2023-04-12 13:35 UTC (History)

Fixed In Version: firefox 102.8, thunderbird 102.8, nss 3.88.1, nss 3.79.4
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Clone Of:
Environment:
Last Closed: 2023-03-23 13:47:02 UTC


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:1260 0 None None None 2023-03-15 15:20:09 UTC
Red Hat Product Errata RHBA-2023:1261 0 None None None 2023-03-15 15:34:43 UTC
Red Hat Product Errata RHBA-2023:1264 0 None None None 2023-03-15 15:44:26 UTC
Red Hat Product Errata RHBA-2023:1265 0 None None None 2023-03-15 15:56:57 UTC
Red Hat Product Errata RHBA-2023:1305 0 None None None 2023-03-16 14:28:25 UTC
Red Hat Product Errata RHBA-2023:1313 0 None None None 2023-03-16 16:27:28 UTC
Red Hat Product Errata RHBA-2023:1316 0 None None None 2023-03-16 19:37:47 UTC
Red Hat Product Errata RHBA-2023:1317 0 None None None 2023-03-16 19:44:48 UTC
Red Hat Product Errata RHBA-2023:1318 0 None None None 2023-03-16 20:22:21 UTC
Red Hat Product Errata RHBA-2023:1319 0 None None None 2023-03-20 00:31:19 UTC
Red Hat Product Errata RHBA-2023:1331 0 None None None 2023-03-20 09:04:09 UTC
Red Hat Product Errata RHBA-2023:1339 0 None None None 2023-03-20 11:02:03 UTC
Red Hat Product Errata RHBA-2023:1340 0 None None None 2023-03-20 11:07:05 UTC
Red Hat Product Errata RHBA-2023:1341 0 None None None 2023-03-20 11:51:16 UTC
Red Hat Product Errata RHBA-2023:1345 0 None None None 2023-03-20 13:23:33 UTC
Red Hat Product Errata RHBA-2023:1346 0 None None None 2023-03-20 13:47:18 UTC
Red Hat Product Errata RHBA-2023:1347 0 None None None 2023-03-20 14:53:05 UTC
Red Hat Product Errata RHBA-2023:1348 0 None None None 2023-03-20 15:31:18 UTC
Red Hat Product Errata RHBA-2023:1349 0 None None None 2023-03-20 15:14:39 UTC
Red Hat Product Errata RHBA-2023:1355 0 None None None 2023-03-20 16:36:26 UTC
Red Hat Product Errata RHBA-2023:1356 0 None None None 2023-03-20 17:36:27 UTC
Red Hat Product Errata RHBA-2023:1371 0 None None None 2023-03-21 11:13:59 UTC
Red Hat Product Errata RHBA-2023:1373 0 None None None 2023-03-21 12:23:41 UTC
Red Hat Product Errata RHBA-2023:1375 0 None None None 2023-03-21 13:54:28 UTC
Red Hat Product Errata RHBA-2023:1380 0 None None None 2023-03-21 15:07:09 UTC
Red Hat Product Errata RHBA-2023:1381 0 None None None 2023-03-21 15:54:05 UTC
Red Hat Product Errata RHBA-2023:1389 0 None None None 2023-03-21 20:29:22 UTC
Red Hat Product Errata RHBA-2023:1390 0 None None None 2023-03-21 21:14:08 UTC
Red Hat Product Errata RHBA-2023:1429 0 None None None 2023-03-23 07:49:34 UTC
Red Hat Product Errata RHBA-2023:1432 0 None None None 2023-03-23 09:05:55 UTC
Red Hat Product Errata RHBA-2023:1450 0 None None None 2023-03-23 18:17:06 UTC
Red Hat Product Errata RHBA-2023:1480 0 None None None 2023-03-27 16:00:23 UTC
Red Hat Product Errata RHBA-2023:1481 0 None None None 2023-03-27 16:25:51 UTC
Red Hat Product Errata RHBA-2023:1482 0 None None None 2023-03-27 16:00:31 UTC
Red Hat Product Errata RHBA-2023:1521 0 None None None 2023-03-29 14:41:32 UTC
Red Hat Product Errata RHBA-2023:1535 0 None None None 2023-03-30 15:01:44 UTC
Red Hat Product Errata RHBA-2023:1737 0 None None None 2023-04-11 23:23:57 UTC
Red Hat Product Errata RHBA-2023:1740 0 None None None 2023-04-12 13:35:44 UTC
Red Hat Product Errata RHSA-2023:1252 0 None None None 2023-03-15 10:00:52 UTC
Red Hat Product Errata RHSA-2023:1332 0 None None None 2023-03-20 09:25:47 UTC
Red Hat Product Errata RHSA-2023:1365 0 None None None 2023-03-21 08:17:55 UTC
Red Hat Product Errata RHSA-2023:1366 0 None None None 2023-03-21 09:33:42 UTC
Red Hat Product Errata RHSA-2023:1368 0 None None None 2023-03-21 09:33:27 UTC
Red Hat Product Errata RHSA-2023:1369 0 None None None 2023-03-21 09:43:15 UTC
Red Hat Product Errata RHSA-2023:1370 0 None None None 2023-03-21 09:43:21 UTC
Red Hat Product Errata RHSA-2023:1406 0 None None None 2023-03-22 10:37:22 UTC
Red Hat Product Errata RHSA-2023:1436 0 None None None 2023-03-23 09:05:46 UTC
Red Hat Product Errata RHSA-2023:1479 0 None None None 2023-03-27 15:11:48 UTC
Red Hat Product Errata RHSA-2023:1677 0 None None None 2023-04-10 01:30:35 UTC

Description Dhananjay Arunesh 2023-02-16 09:09:10 UTC
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767

Comment 1 errata-xmlrpc 2023-02-20 08:16:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0806 https://access.redhat.com/errata/RHSA-2023:0806

Comment 2 errata-xmlrpc 2023-02-20 08:18:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0805 https://access.redhat.com/errata/RHSA-2023:0805

Comment 3 errata-xmlrpc 2023-02-20 08:23:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0809 https://access.redhat.com/errata/RHSA-2023:0809

Comment 4 errata-xmlrpc 2023-02-20 08:25:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0810 https://access.redhat.com/errata/RHSA-2023:0810

Comment 5 errata-xmlrpc 2023-02-20 08:25:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0807 https://access.redhat.com/errata/RHSA-2023:0807

Comment 6 errata-xmlrpc 2023-02-20 08:26:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0811 https://access.redhat.com/errata/RHSA-2023:0811

Comment 7 errata-xmlrpc 2023-02-20 08:27:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0808 https://access.redhat.com/errata/RHSA-2023:0808

Comment 8 errata-xmlrpc 2023-02-20 08:27:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0812 https://access.redhat.com/errata/RHSA-2023:0812

Comment 9 errata-xmlrpc 2023-02-20 12:12:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0818 https://access.redhat.com/errata/RHSA-2023:0818

Comment 10 errata-xmlrpc 2023-02-20 12:12:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0819 https://access.redhat.com/errata/RHSA-2023:0819

Comment 11 errata-xmlrpc 2023-02-20 12:16:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0822 https://access.redhat.com/errata/RHSA-2023:0822

Comment 12 errata-xmlrpc 2023-02-20 12:16:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0817 https://access.redhat.com/errata/RHSA-2023:0817

Comment 13 errata-xmlrpc 2023-02-20 12:17:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0824 https://access.redhat.com/errata/RHSA-2023:0824

Comment 14 errata-xmlrpc 2023-02-20 12:17:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0820 https://access.redhat.com/errata/RHSA-2023:0820

Comment 15 errata-xmlrpc 2023-02-20 12:17:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0821 https://access.redhat.com/errata/RHSA-2023:0821

Comment 16 errata-xmlrpc 2023-02-20 12:18:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0823 https://access.redhat.com/errata/RHSA-2023:0823

Comment 17 Product Security DevOps Team 2023-02-20 17:51:18 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-0767

Comment 20 Mauro Matteo Cascella 2023-03-08 10:00:14 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 2176392]

Comment 49 errata-xmlrpc 2023-03-15 10:00:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:1252 https://access.redhat.com/errata/RHSA-2023:1252

Comment 50 errata-xmlrpc 2023-03-20 09:25:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1332 https://access.redhat.com/errata/RHSA-2023:1332

Comment 51 errata-xmlrpc 2023-03-21 08:17:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1365 https://access.redhat.com/errata/RHSA-2023:1365

Comment 52 errata-xmlrpc 2023-03-21 09:33:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1368 https://access.redhat.com/errata/RHSA-2023:1368

Comment 53 errata-xmlrpc 2023-03-21 09:33:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2023:1366 https://access.redhat.com/errata/RHSA-2023:1366

Comment 54 errata-xmlrpc 2023-03-21 09:43:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:1369 https://access.redhat.com/errata/RHSA-2023:1369

Comment 55 errata-xmlrpc 2023-03-21 09:43:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1370 https://access.redhat.com/errata/RHSA-2023:1370

Comment 56 errata-xmlrpc 2023-03-22 10:37:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1406 https://access.redhat.com/errata/RHSA-2023:1406

Comment 57 errata-xmlrpc 2023-03-23 09:05:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1436 https://access.redhat.com/errata/RHSA-2023:1436

Comment 58 Product Security DevOps Team 2023-03-23 13:46:59 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-0767

Comment 59 errata-xmlrpc 2023-03-27 15:11:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:1479 https://access.redhat.com/errata/RHSA-2023:1479

Comment 60 errata-xmlrpc 2023-04-10 01:30:32 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2023:1677 https://access.redhat.com/errata/RHSA-2023:1677
