Details of VAR-202001-1433

ID

VAR-202001-1433

CVE

CVE-2019-11745

TITLE

Mozilla Firefox Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201911-1371

DESCRIPTION

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. ========================================================================= Ubuntu Security Notice USN-4203-2 November 27, 2019 nss vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: NSS could be made to crash or run programs if it received specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service: Multiple vulnerabilities Date: March 16, 2020 Bugs: #627534, #676868, #701840 ID: 202003-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution. Background ========== The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Please review the CVE identifiers referenced below for details. Impact ====== An attacker could execute arbitrary code, cause a Denial of Service condition or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Network Security Service (NSS) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.49" References ========== [ 1 ] CVE-2017-11695 https://nvd.nist.gov/vuln/detail/CVE-2017-11695 [ 2 ] CVE-2017-11696 https://nvd.nist.gov/vuln/detail/CVE-2017-11696 [ 3 ] CVE-2017-11697 https://nvd.nist.gov/vuln/detail/CVE-2017-11697 [ 4 ] CVE-2017-11698 https://nvd.nist.gov/vuln/detail/CVE-2017-11698 [ 5 ] CVE-2018-18508 https://nvd.nist.gov/vuln/detail/CVE-2018-18508 [ 6 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-37 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nss-softokn security update Advisory ID: RHSA-2019:4152-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:4152 Issue date: 2019-12-10 CVE Names: CVE-2019-11745 ==================================================================== 1. Summary: An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm ppc64: nss-softokn-3.44.0-6.el6_10.ppc.rpm nss-softokn-3.44.0-6.el6_10.ppc64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm s390x: nss-softokn-3.44.0-6.el6_10.s390.rpm nss-softokn-3.44.0-6.el6_10.s390x.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm nss-softokn-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-devel-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXe+MiNzjgjWX9erEAQiepQ/7BesVlTbWtK/e4tqUqQ2WADoCPilxvBo5 lQ/zdsIXw069qAzU/GutaUM3DN7qvxSDCtxOTeQy605jkHYnV1HPjIXxYkug6ETV atrTxcph7BwV5w3sS4D+/N7FvYaGfluSQL65lihS3VNvtiA3excFw3hyaPeI/miM N7+ZHE+kD3vFL2DL6gOMTa/FGfa2w55ka0ODEpL9xCm+vBwVEyNAYVZqzfDQdWwz 5gWlJd7NEJq1qqrNlMuwOrn3YYd2R9VPcrYEvoNRW/Dcf5BNstDmadIPAVcsG1rT Me5PeII3MRIHLEkgYGFNmrxcctWSdC1VIuMsSUdC1lKnqZSpHMq4JjaNfjh3TAtg 2Avl2Jyhm1N56h6OsQo/UX2A7vRdGfgmVlv5jkFBYvjdilLmFQRCzouyJMAXmbZu pUAqowHA9cN3RUYU7so7cU/4AKI3nlsHpH1o1ExICEUclsKn2rnxJquGMxhsVxEv rnv9JKH4IuGKBxt0KTUZRLYsSdHdbrAhlHvanLCi9px7KvqTNIMpblijHLe/1OqD 9mVJjZpCAIJ3et+qPKzfdnjd76UqWbndQlgAwlVN07XODHBLSZkh0iY1nT1Az/WN +wo3O48nWAzPvg2H5jy/+zq7mLI16W0t2mG8rUXHR2Don93Efomtbs7sFDxiiMOP Iowc4iq7Yac=lxBi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x 3. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. 6.6) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-337-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/security/advisories/mfsa2019-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.3.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.3.0esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 package: 87f700f9d6e2f2714f34bd4df98daff3 mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a1fc7f2d55d99552fbfef89c0a4fc4d8 mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Slackware -current package: b398fbd95c214bc1f209344809557650 xap/mozilla-firefox-68.3.0esr-i686-1.txz Slackware x86_64 -current package: 54fdcfaa0337054003900c366020e39f xap/mozilla-firefox-68.3.0esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 8.0) - ppc64le, x86_64 3. For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8 TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0 hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F 8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5 yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw= =QZmZ -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2019-11745 // VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 156770 // PACKETSTORM: 155609 // PACKETSTORM: 157226 // PACKETSTORM: 155589 // PACKETSTORM: 156299 // PACKETSTORM: 155546 // PACKETSTORM: 156093 // PACKETSTORM: 155601

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom rox mx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	lt	version:	68.3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lt	version:	71.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1500	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	mozilla	model:	firefox esr	scope:	lt	version:	68.3	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1501	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1400	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1510	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1511	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1512	scope:	lt	version:	2.14.0	Trust: 1.0

sources: NVD: CVE-2019-11745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11745
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201911-1371
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-11745
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11745
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2019-11745
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2019-11745 // CNNVD: CNNVD-201911-1371 // NVD: CVE-2019-11745

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2019-11745

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 155487 // CNNVD: CNNVD-201911-1371

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1371

PATCH

title:	Multiple Mozilla Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106677	Trust: 0.6
title:	Red Hat: Important: nss security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss, nss-softokn, nss-util security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4579-1 nss -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1379	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379	Trust: 0.1
title:	IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2023-1942	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1384	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1355	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Firefox 71	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1	Trust: 0.1
title:	-	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2019-11745 // CNNVD: CNNVD-201911-1371

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11745	Trust: 2.6
db:	ICS CERT	id:	ICSA-21-040-04	Trust: 1.7
db:	SIEMENS	id:	SSA-379803	Trust: 1.7
db:	PACKETSTORM	id:	155487	Trust: 0.7
db:	PACKETSTORM	id:	156770	Trust: 0.7
db:	PACKETSTORM	id:	157226	Trust: 0.7
db:	PACKETSTORM	id:	155589	Trust: 0.7
db:	PACKETSTORM	id:	155546	Trust: 0.7
db:	PACKETSTORM	id:	156093	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4739	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4555	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0001	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4083	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1339	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0483	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4449	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4723	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0307	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4579	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4507	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4775	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1173	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3355	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4674	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4610	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1387	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1242	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0491	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0136	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0194	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4594	Trust: 0.6
db:	PACKETSTORM	id:	156721	Trust: 0.6
db:	PACKETSTORM	id:	157142	Trust: 0.6
db:	PACKETSTORM	id:	156704	Trust: 0.6
db:	PACKETSTORM	id:	155989	Trust: 0.6
db:	PACKETSTORM	id:	157345	Trust: 0.6
db:	PACKETSTORM	id:	155622	Trust: 0.6
db:	NSFOCUS	id:	47047	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-1371	Trust: 0.6
db:	VULMON	id:	CVE-2019-11745	Trust: 0.1
db:	PACKETSTORM	id:	155609	Trust: 0.1
db:	PACKETSTORM	id:	156299	Trust: 0.1
db:	PACKETSTORM	id:	155601	Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 156770 // PACKETSTORM: 155609 // PACKETSTORM: 157226 // PACKETSTORM: 155589 // PACKETSTORM: 156299 // PACKETSTORM: 155546 // PACKETSTORM: 156093 // PACKETSTORM: 155601 // CNNVD: CNNVD-201911-1371 // NVD: CVE-2019-11745

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2020:0243	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2020:0466	Trust: 2.4
url:	https://usn.ubuntu.com/4241-1/	Trust: 2.3
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04	Trust: 2.3
url:	https://www.mozilla.org/security/advisories/mfsa2019-37/	Trust: 1.8
url:	https://security.gentoo.org/glsa/202003-37	Trust: 1.8
url:	https://www.mozilla.org/security/advisories/mfsa2019-38/	Trust: 1.7
url:	https://www.mozilla.org/security/advisories/mfsa2019-36/	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1586176	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html	Trust: 1.7
url:	https://security.gentoo.org/glsa/202003-02	Trust: 1.7
url:	https://security.gentoo.org/glsa/202003-10	Trust: 1.7
url:	https://usn.ubuntu.com/4335-1/	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11745	Trust: 1.5
url:	https://usn.ubuntu.com/4203-2/	Trust: 0.7
url:	https://usn.ubuntu.com/4203-1/	Trust: 0.7
url:	https://access.redhat.com/errata/rhsa-2019:4152	Trust: 0.7
url:	https://usn.ubuntu.com/4216-2/	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:4117	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193347-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html	Trust: 0.6
url:	https://www.debian.org/security/2019/dsa-4579	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193339-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914260-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html	Trust: 0.6
url:	https://lists.debian.org/debian-lts-announce/2019/11/msg00026.html	Trust: 0.6
url:	https://www.debian.org/lts/security/2019/dla-2020	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:4190	Trust: 0.6
url:	https://packetstormsecurity.com/files/155589/red-hat-security-advisory-2019-4114-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4449/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-cve-2019-11729-cve-2019-11745/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155622/red-hat-security-advisory-2019-4190-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/155546/slackware-security-advisory-mozilla-firefox-updates.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0136/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155487/ubuntu-security-notice-usn-4203-2.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-nss-softokn-nss-util-vulnerability-cve-2019-11729-and-cve-2019-11745/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0483/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156770/gentoo-linux-security-advisory-202003-37.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0194/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-network-security-services-nss-vulnerabilities-cve-2019-11729-and-cve-2019-11745/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3355/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157226/red-hat-security-advisory-2020-1461-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/155989/ubuntu-security-notice-usn-4241-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4083	Trust: 0.6
url:	https://packetstormsecurity.com/files/156093/red-hat-security-advisory-2020-0243-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520674	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4739/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-nsc-encryptupdate-30971	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4507/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1339/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157345/ubuntu-security-notice-usn-4335-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4579/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0307/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157142/red-hat-security-advisory-2020-1345-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4775/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4555/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4610/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4723/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156704/gentoo-linux-security-advisory-202003-02.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4674/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0001/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-11745/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4594/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156721/gentoo-linux-security-advisory-202003-10.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0491	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1173/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1242/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1387/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47047	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-11745	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/4203-1	Trust: 0.1
url:	https://usn.ubuntu.com/4203-2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11696	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11695	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18508	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11697	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0495	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0495	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1461	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2019:4114	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17008	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17010	Trust: 0.1
url:	https://www.mozilla.org/security/known-vulnerabilities/firefoxesr.html	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13722	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17008	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17011	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17005	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17009	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11745	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17011	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17010	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13722	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	https://www.mozilla.org/en-us/firefox/68.3.0/releasenotes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17005	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17009	Trust: 0.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17012	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17012	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nss	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17007	Trust: 0.1

CREDITS

Ubuntu,Red Hat,Craig Disselkoen,Slackware Security Team,Gentoo

Trust: 0.6

sources: CNNVD: CNNVD-201911-1371

SOURCES

db:	VULMON	id:	CVE-2019-11745
db:	PACKETSTORM	id:	155487
db:	PACKETSTORM	id:	156770
db:	PACKETSTORM	id:	155609
db:	PACKETSTORM	id:	157226
db:	PACKETSTORM	id:	155589
db:	PACKETSTORM	id:	156299
db:	PACKETSTORM	id:	155546
db:	PACKETSTORM	id:	156093
db:	PACKETSTORM	id:	155601
db:	CNNVD	id:	CNNVD-201911-1371
db:	NVD	id:	CVE-2019-11745

LAST UPDATE DATE

2025-08-11T22:48:15.674000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-11745	date:	2021-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201911-1371	date:	2021-12-03T00:00:00
db:	NVD	id:	CVE-2019-11745	date:	2024-11-21T04:21:42.373

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-11745	date:	2020-01-08T00:00:00
db:	PACKETSTORM	id:	155487	date:	2019-11-28T01:22:40
db:	PACKETSTORM	id:	156770	date:	2020-03-16T22:35:27
db:	PACKETSTORM	id:	155609	date:	2019-12-10T15:49:04
db:	PACKETSTORM	id:	157226	date:	2020-04-15T00:12:17
db:	PACKETSTORM	id:	155589	date:	2019-12-09T15:52:48
db:	PACKETSTORM	id:	156299	date:	2020-02-11T15:56:55
db:	PACKETSTORM	id:	155546	date:	2019-12-04T23:11:46
db:	PACKETSTORM	id:	156093	date:	2020-01-27T22:53:39
db:	PACKETSTORM	id:	155601	date:	2019-12-09T22:22:22
db:	CNNVD	id:	CNNVD-201911-1371	date:	2019-11-26T00:00:00
db:	NVD	id:	CVE-2019-11745	date:	2020-01-08T20:15:12.313