[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#61573: Arbitrary memory write vulnerability in NSS CVE-2023-0767
|
From: |
Leo Famulari |
|
Subject: |
bug#61573: Arbitrary memory write vulnerability in NSS CVE-2023-0767 |
|
Date: |
Fri, 17 Feb 2023 09:50:11 -0500 |
There's a serious vulnerability in NSS:
"An attacker could construct a PKCS 12 cert bundle in such a way that
could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes
being mishandled."
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767
Apparently it is fixed in NSS, but they don't seem to say in which
version:
https://www.mozilla.org/en-US/security/known-vulnerabilities/nss/
Help wanted to fix this bug!
- bug#61573: Arbitrary memory write vulnerability in NSS CVE-2023-0767,
Leo Famulari <=