Good afternoon. Multiple flaws in NSS were reported to Mozilla on or around 28 
April 2017 and as of this notification have not been resolved and as such, I am 
disclosing them to the public so that anyone making use of NSS is aware that 
these exist. Please note that as I send this, the bugs remain hidden on the 
Mozilla Bugzilla tracker.

What is NSS? Network Security Services (NSS) comprises a set of libraries 
designed to support cross-platform development of security-enabled client and 
server applications with optional support for hardware TLS/SSL acceleration on 
the server side and hardware smart cards on the client side. NSS provides a 
complete open-source implementation of cryptographic libraries supporting 
Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME.

All of the following flaws were triggered with changeset 13315:769f9ae07b10 in 
Mozilla's Mercurial repository ( and can 
all be triggered using the NSS tool `certutil` and malformed `cert8.db` files 
which I have uploaded to

CVE-2017-11695: heap-buffer-overflow (write of size 8) in alloc_segs 

CVE-2017-11696: heap-buffer-overflow (write of size 65544) in __hash_open 

CVE-2017-11697: Floating Point Exception in __hash_open (hash.c:229)

CVE-2017-11698: heap-buffer-overflow (write of size 2) in __get_page 

These flaws were discovered by Brian Carpenter of Geeknik Labs 
( using the American Fuzzy Lop tool.

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Reply via email to