CVE-2017-11696

NameCVE-2017-11696
Descriptionheap-buffer-overflow (write of size 65544) in __hash_open (lib/dbm/src/hash.c:241)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
Debian Bugs873257

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nss (PTS)wheezy2:3.14.5-1+deb7u5vulnerable
wheezy (security)2:3.26-1+debu7u5vulnerable
jessie2:3.26-1+debu8u2vulnerable
jessie (security)2:3.26-1+debu8u3vulnerable
stretch2:3.26.2-1.1vulnerable
stretch (security)2:3.26.2-1.1+deb9u1vulnerable
buster, sid2:3.34-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nsssource(unstable)(unfixed)unimportant873257

Notes

Issues triggered by crafted DBM databases, which would
require local user access to a machine running NSS and
crafting the local DBM files.
http://seclists.org/fulldisclosure/2017/Aug/17
https://bugzilla.mozilla.org/show_bug.cgi?id=1360778

Search for package or bug name: Reporting problems