Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2019-11745

Published: August 31, 2023Last modified: August 31, 2023

Description

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Severity score breakdown

ParameterValue
Base score8.8
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSnssNot affected (3.85-r1)
StreamnssNot affected (3.92-r0)

References

ON THIS PAGE