CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server

CVE ID

CVE-2017-7805

DESCRIPTION

A use-after-free flaw was found in the TLS 1.2 implementation in the NSS
library when client authentication was used. A malicious client could use this
flaw to cause an application compiled against NSS to crash or, potentially,
execute arbitrary code with the permission of the user running the
application.

CVSS3 Base Score    7.5

Related CVEs: CVE-2017-7502, CVE-2017-5461
 

RESOLUTION

Fixed in latest Unitrends security update with
   nss-3.28.4-4.el6_9

LINK TO ADVISORIES

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section