CVE-2019-11745

Summary

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdbefore 68.3affected
MozillaFirefox ESRbefore 68.3affected
MozillaFirefoxbefore 71affected

Weaknesses

  • Out of bounds write in NSS when encrypting with a block cipher

ADP Enrichment

CVE Program Container

Additional References

References