Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 701840 (CVE-2019-11745) - <dev-libs/nss-3.47.1: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
Summary: <dev-libs/nss-3.47.1: Out-of-bounds write when passing an output buffer small...
Status: RESOLVED FIXED
Alias: CVE-2019-11745
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-02 23:21 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-16 21:19 UTC (History)
1 user (show)

See Also:
Package list:
dev-libs/nss-3.47.1
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-02 23:21:35 UTC 
CVE-2019-11745 (https://nvd.nist.gov/vuln/detail/CVE-2019-11745):
  Out-of-bounds write when passing an output buffer smaller than the block
  size to NSC_EncryptUpdate.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-12-03 01:54:24 UTC 
arm64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2019-12-03 10:04:08 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-03 10:07:11 UTC 
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-12-03 10:08:46 UTC 
sparc stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-12-03 11:57:16 UTC 
ia64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-12-03 11:58:39 UTC 
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-12-10 10:55:02 UTC 
ppc stable
Comment 8 Rolf Eike Beer archtester 2019-12-10 19:51:38 UTC 
hppa stable
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-15 15:33:39 UTC 
Added to an existing GLSA.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2020-03-16 21:19:40 UTC 
This issue was resolved and addressed in
 GLSA 202003-37 at https://security.gentoo.org/glsa/202003-37
by GLSA coordinator Thomas Deutschmann (whissi).