---

CVE-2019-11745 - log back

CVE-2019-11745 edited at 06 Dec 2019 09:36:06

Description

- An out-of-bounds write vulnerability has been found in the NSS component of Firefox before 71.0. When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. + An out-of-bounds write vulnerability has been found in the NSS component of Firefox before 71.0 and Thunderbird before 68.3. When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash.

CVE-2019-11745 edited at 03 Dec 2019 21:38:52
Severity	- Unknown + Critical
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ An out-of-bounds write vulnerability has been found in the NSS component of Firefox before 71.0. When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11745 + https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
Notes

CVE-2019-11745 created at 03 Dec 2019 19:34:26