CVE-2019-11745
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Al encriptar con un cifrado de bloque, si se realizó una llamada a NSC_EncryptUpdate con datos más pequeños que el tamaño del bloque, podría producirse una pequeña escritura fuera de límites. Esto podría haber causado una corrupción de la pila y un bloqueo explotable potencialmente. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a la versión 68.3, Firefox ESR versiones anteriores a la versión 68.3 y Firefox versiones anteriores a la versión 71.
A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-05-03 CVE Reserved
- 2019-11-28 CVE Published
- 2024-07-06 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | Third Party Advisory |
|
| https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html | Mailing List |
|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 | 2021-02-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Ruggedcom Rox Mx5000 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Mx5000 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Mx5000 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Mx5000 Search vendor "Siemens" for product "Ruggedcom Rox Mx5000" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1400 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Rx1400 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Rx1400 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1400 Search vendor "Siemens" for product "Ruggedcom Rox Rx1400" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1500 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Rx1500 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Rx1500 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1500 Search vendor "Siemens" for product "Ruggedcom Rox Rx1500" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1501 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Rx1501 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Rx1501 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1501 Search vendor "Siemens" for product "Ruggedcom Rox Rx1501" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1510 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Rx1510 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Rx1510 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1510 Search vendor "Siemens" for product "Ruggedcom Rox Rx1510" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1511 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Rx1511 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Rx1511 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1511 Search vendor "Siemens" for product "Ruggedcom Rox Rx1511" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1512 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Rx1512 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Rx1512 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Rx1512 Search vendor "Siemens" for product "Ruggedcom Rox Rx1512" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Ruggedcom Rox Rx5000 Firmware Search vendor "Siemens" for product "Ruggedcom Rox Rx5000 Firmware" | < 2.14.0 Search vendor "Siemens" for product "Ruggedcom Rox Rx5000 Firmware" and version " < 2.14.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Ruggedcom Rox Rx5000 Search vendor "Siemens" for product "Ruggedcom Rox Rx5000" | - | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 71.0 Search vendor "Mozilla" for product "Firefox" and version " < 71.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 68.3 Search vendor "Mozilla" for product "Firefox Esr" and version " < 68.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 68.3.0 Search vendor "Mozilla" for product "Thunderbird" and version " < 68.3.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6" | - |
Affected
| ||||||