CVE-2019-17006: nss: crypto primitives missing length checks
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Joe Slater |
Bug Description
CVE-2019-17006: nss: crypto primitives missing length checks
CVSSv2: 10.0 (AV:N/AC:
Description:
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References:
https:/
https:/
https:/
https:/
https:/
https:/
nss required package version:
nss-3.53.
Packages:
nss
nss-tools
nss-sysinit
nspr required package version:
nspr-4.
Packages:
nspr
nss-softokn required package version:
nss-softokn-
Packages:
nss-softokn
nss-softokn-freebl
nss-util required package version:
nss-util-
Packages:
nss-util
Found during November 2020 StarlingX CVE Scan
CVE References
- 2016-10739
- 2017-6519
- 2018-10360
- 2018-1116
- 2018-1122
- 2018-12404
- 2018-1312
- 2018-13139
- 2018-14348
- 2018-14498
- 2018-15473
- 2018-17199
- 2018-18384
- 2018-19519
- 2018-4700
- 2018-5741
- 2018-5742
- 2018-5743
- 2018-8905
- 2019-0220
- 2019-10160
- 2019-10218
- 2019-11068
- 2019-11745
- 2019-12735
- 2019-13232
- 2019-13734
- 2019-16056
- 2019-17006
- 2019-3813
- 2019-3880
- 2019-5482
- 2019-6477
- 2019-9636
- 2019-9924
- 2019-9948
- 2020-0549
- 2020-10772
- 2020-10878
- 2020-12049
- 2020-12663
- 2020-5208
- 2020-6851
- 2020-8112
- 2020-8617
- 2021-26937
Changed in starlingx: | |
assignee: | nobody → Joe Slater (jslater0wind) |
Changed in starlingx: | |
status: | Triaged → Fix Released |
The process is to address the CVE in stx master first and then cherrypick to the r/stx.4.0 release branch after some soak time