Package: libnss3-tools
Version: 2:3.73-1
Severity: important
X-Debbugs-Cc: bugrepo...@gringene.org
Dear Maintainer,
I've recently noticed a bug in nss that was reported on Google Project Zero:
https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
The reporter's claim is as follows:
> The maximum size signature that this structure can handle is whatever the
> largest union member is, in this case that’s RSA at 2048 bytes. That’s 16384
> bits, large enough to accommodate signatures from even the most ridiculously
> oversized keys.
> Okay, but what happens if you just make a signature that’s bigger than
> that?
> Well, it turns out the answer is memory corruption. Yes, really.
I have tried out their example code on my Debian system, and it results in the
reported Segmentation fault. This is interesting, given that the stated fixed
version is NSS 3.73.0, and Debian is reporting that 3.73-1 is installed.
-- System Information:
Debian Release: 11.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-8-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8),
LANGUAGE=en_NZ:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libnss3-tools depends on:
ii libc6 2.31-13+deb11u2
ii libnspr4 2:4.32-1
ii libnss3 2:3.68-1
ii zlib1g 1:1.2.11.dfsg-2
libnss3-tools recommends no packages.
libnss3-tools suggests no packages.
-- no debconf information