CVE-2017-7805 - log back

CVE-2017-7805 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A security issue has been found in Thunderbird < 52.4. During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
Notes