CVE-2019-11745: Buffer Overflow

Published Nov 21, 2019
·
Updated

A heap-based buffer overflow was found in the NSCEncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.

Other sources

A heap-based buffer overflow was found in the NSCEncryptUpdate() function. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss)

Red Hat

Mozilla Network Security Services (NSS), as used in Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when encrypting with a block cipher. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to corrupt the heap and execute arbitrary code on the vulnerable system or cause a denial of service.

IBM

When encrypting with a block cipher, if a call to NSCEncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash.

Affected Software

66 affected componentsFixes available
redhat/nss-softokn<0:3.44.0-6.el6_10
0:3.44.0-6.el6_10
redhat/nss-softokn<0:3.14.3-23.el6_6
0:3.14.3-23.el6_6
redhat/nss<0:3.44.0-7.el7_7
0:3.44.0-7.el7_7
redhat/nss-softokn<0:3.44.0-8.el7_7
0:3.44.0-8.el7_7
redhat/nss-util<0:3.44.0-4.el7_7
0:3.44.0-4.el7_7
redhat/nss-softokn<0:3.28.3-9.el7_4
0:3.28.3-9.el7_4
redhat/nss-softokn<0:3.36.0-6.el7_5
0:3.36.0-6.el7_5
redhat/nss-softokn<0:3.36.0-6.el7_6
0:3.36.0-6.el7_6
redhat/nss<0:3.44.0-9.el8_1
0:3.44.0-9.el8_1
redhat/nss<0:3.44.0-8.el8_0
0:3.44.0-8.el8_0
redhat/nss<3.44.3
3.44.3
redhat/nss<3.47.1
3.47.1
IBM Cognos Analytics<=12.0.0-12.0.3
IBM Cognos Analytics<=11.2.0-11.2.4 FP4
Mozilla Thunderbird<68.3
68.3
Mozilla Firefox<71
71
Mozilla Firefox ESR<68.3
68.3
Siemens RUGGEDCOM ROX MX5000<2.14.0
2.14.0
Siemens RUGGEDCOM ROX RX1400<2.14.0
2.14.0
Siemens RUGGEDCOM ROX RX1500<2.14.0
2.14.0
Siemens RUGGEDCOM ROX RX1501<2.14.0
2.14.0
Siemens RUGGEDCOM ROX RX1510<2.14.0
2.14.0
Siemens RUGGEDCOM ROX RX1511<2.14.0
2.14.0
Siemens RUGGEDCOM ROX RX500<2.14.0
2.14.0
Mozilla Firefox<71.0
Mozilla Firefox ESR<68.3
Mozilla Thunderbird<68.3.0
openSUSE Leap=15.1
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.10
Debian Debian Linux=9.0
redhat Enterprise Linux Server Aus=6.6
All of the following
Siemens Ruggedcom Rox Mx5000 Firmware<2.14.0
Siemens RUGGEDCOM ROX MX5000
All of the following
Siemens Ruggedcom Rox Rx1400 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1400
All of the following
Siemens Ruggedcom Rox Rx1500 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1500
All of the following
Siemens Ruggedcom Rox Rx1501 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1501
All of the following
Siemens Ruggedcom Rox Rx1510 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1510
All of the following
Siemens Ruggedcom Rox Rx1511 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1511
All of the following
Siemens Ruggedcom Rox Rx1512 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1512
All of the following
Siemens Ruggedcom Rox Rx5000 Firmware<2.14.0
Siemens Ruggedcom Rox Rx5000
Siemens Ruggedcom Rox Mx5000 Firmware<2.14.0
Siemens RUGGEDCOM ROX MX5000
Siemens Ruggedcom Rox Rx1400 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1400
Siemens Ruggedcom Rox Rx1500 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1500
Siemens Ruggedcom Rox Rx1501 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1501
Siemens Ruggedcom Rox Rx1510 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1510
Siemens Ruggedcom Rox Rx1511 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1511
Siemens Ruggedcom Rox Rx1512 Firmware<2.14.0
Siemens RUGGEDCOM ROX RX1512
Siemens Ruggedcom Rox Rx5000 Firmware<2.14.0
Siemens Ruggedcom Rox Rx5000
debian/nss
2:3.61-1+deb11u32:3.61-1+deb11u42:3.87.1-1+deb12u12:3.110-1

Remediation

Patch Available

https://bugzilla.mozilla.org/show_bug.cgi?id=1586176

Event History

Nov 21, 2019
CVE Published
12:00 AM
Jan 8, 2020
CVE Published
via MITRE·07:22 PM
Data Sourced
via MITRE·07:22 PM
DescriptionWeakness
Jan 11, 2024
Data Sourced
via Launchpad·11:14 PM
Description
Sep 16, 2024
Data Sourced
via Ubuntu·02:09 AM
RemedyDescriptionSeverityAffected Software
Apr 20, 2025
Data Sourced
via Debian·04:05 AM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2019-11745?

CVE-2019-11745 is classified as a critical severity vulnerability due to its potential for remote code execution.

2

How do I fix CVE-2019-11745?

To resolve CVE-2019-11745, update to the patched versions of the affected software, including nss-softokn versions 0:3.44.0-6.el6_10 or later.

3

What systems are affected by CVE-2019-11745?

CVE-2019-11745 affects various products including Mozilla Firefox, Firefox ESR, Thunderbird, and certain versions of nss and nss-softokn.

4

What impact does CVE-2019-11745 have?

If exploited, CVE-2019-11745 allows remote attackers to execute arbitrary code with the privileges of the affected application user.

5

What is the cause of CVE-2019-11745?

CVE-2019-11745 is caused by a heap-based buffer overflow in the NSC_EncryptUpdate() function of Mozilla NSS.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203