CVE-2019-11745

CVSS v3.1 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.29 % (69^th)

Affected Products 23

Advisories 35

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-01-08 20:15:12
(4 years ago)
Updated Date: 2021-02-19 17:22:17
(3 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Opensuse

Leap

Redhat

Enterprise Linux Server Aus

Siemens

Configuration #1

AND

		CPE23	Up To
OR
	Mozilla Firefox prior 71.0 version	cpe:2.3:a:mozilla:firefox	< 71.0
OR
	Running on/with
	Mozilla Firefox Esr prior 68.3 version	cpe:2.3:a:mozilla:firefox_esr	< 68.3
OR
	Running on/with
	Mozilla Thunderbird prior 68.3.0 version	cpe:2.3:a:mozilla:thunderbird	< 68.3.0

Configuration #2

AND

		CPE23	From	Up To
OR
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1

Configuration #3

AND

		CPE23
OR
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
OR
	Running on/with
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
OR
	Running on/with
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10

Configuration #4

AND

		CPE23	From	Up To
OR
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #5

AND

		CPE23	From	Up To
OR
	Redhat Enterprise Linux Server Aus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6

Configuration #6

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Mx5000 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Mx5000	cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-

Configuration #7

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Rx1400 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Rx1400	cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-

Configuration #8

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Rx1500 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Rx1500	cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-

Configuration #9

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Rx1501 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Rx1501	cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-

Configuration #10

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Rx1510 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Rx1510	cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-

Configuration #11

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Rx1511 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Rx1511	cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-

Configuration #12

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Rx1512 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Rx1512	cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-

Configuration #13

AND

		CPE23	Up To
OR
	Siemens Ruggedcom Rox Rx5000 Firmware prior 2.14.0 version	cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware	< 2.14.0
OR
	Running on/with
	Siemens Ruggedcom Rox Rx5000	cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-