{
  "threat_severity" : "Important",
  "public_date" : "2019-11-21T00:00:00Z",
  "bugzilla" : {
    "description" : "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate",
    "id" : "1774831",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1774831"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out-of-bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.", "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability is high as well." ],
  "statement" : "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library, so the fix for these applications is delivered through the nss package updates listed above rather than through separate Firefox or Thunderbird updates.",
  "acknowledgement" : "Red Hat would like to thank the Mozilla Project for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-34/ansible-tower-memcached:1.4.15-28"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-35/ansible-tower-memcached:1.4.15-28"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.4 for RHEL 7",
    "release_date" : "2020-02-18T00:00:00Z",
    "advisory" : "RHBA-2020:0547",
    "cpe" : "cpe:/a:redhat:ansible_tower:3.4::el7",
    "package" : "ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-12-10T00:00:00Z",
    "advisory" : "RHSA-2019:4152",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "nss-softokn-0:3.44.0-6.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.6 Advanced Update Support",
    "release_date" : "2020-02-11T00:00:00Z",
    "advisory" : "RHSA-2020:0466",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.6",
    "package" : "nss-softokn-0:3.14.3-23.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-12-10T00:00:00Z",
    "advisory" : "RHSA-2019:4190",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "nss-0:3.44.0-7.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-12-10T00:00:00Z",
    "advisory" : "RHSA-2019:4190",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "nss-softokn-0:3.44.0-8.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-12-10T00:00:00Z",
    "advisory" : "RHSA-2019:4190",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "nss-util-0:3.44.0-4.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1345",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "nss-softokn-0:3.28.3-9.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1345",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "nss-softokn-0:3.28.3-9.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1345",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "nss-softokn-0:3.28.3-9.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2020-04-01T00:00:00Z",
    "advisory" : "RHSA-2020:1267",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "nss-softokn-0:3.36.0-6.el7_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-04-14T00:00:00Z",
    "advisory" : "RHSA-2020:1461",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "nss-softokn-0:3.36.0-6.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-12-09T00:00:00Z",
    "advisory" : "RHSA-2019:4114",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "nss-0:3.44.0-9.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-01-27T00:00:00Z",
    "advisory" : "RHSA-2020:0243",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "nss-0:3.44.0-8.el8_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "nss",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-11745\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11745\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes" ],
  "name" : "CVE-2019-11745",
  "csaw" : false
}