CVE ID
CVE-2017-7805
DESCRIPTION
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS
library when client authentication was used. A malicious client could use this
flaw to cause an application compiled against NSS to crash or, potentially,
execute arbitrary code with the permission of the user running the
application.
CVSS3 Base Score 7.5
Related CVEs: CVE-2017-7502, CVE-2017-5461
RESOLUTION
Fixed in latest Unitrends security update with
nss-3.28.4-4.el6_9