CVE-2019-11745

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-11745
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11745.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-11745
Downstream
Related
Published
2020-01-08T20:15:12.313Z
Modified
2026-02-11T10:53:55.875903Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

References

Affected packages

Git / gitlab.gnome.org/GNOME/epiphany

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/epiphany
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9a08c3c60b4e499cac2eee9991feeb36df3f53ce

Affected versions

Other
BEFORE_HARVES18
GNOME_2_10_ANCHOR
GNOME_2_12_BRANCHPOINT
GTK_ENGINES_2_6_0
INITIAL
PRE_GNOME_2_14_BRANCHPOINT
Release070
Release072
Release073
Release081
Release082
Release083
Release090
Release091
Release092
Release110
Release111
Release1110
Release1111
Release1112
Release112
Release113
Release115
Release117
Release119
Release120
Release130
Release131
Release132
Release133
Release134
Release135
Release136
Release137
Release138
Release151
Release152
Release153
Release154
Release155
Release156
Release157
Release158
Release160
Release171
Release172
Release173
Release174
Release175
Release176
Release191
Release192
Release193
Release1931
Release194
Release195
Release1951
Release196
Release198
Release1999
WEBCORE_BRANCHPOINT
gnome-2-8-branchpoint
help
pre-gnome-2-10-branchpoint

Database specific

vanir_signatures 
[
    {
        "deprecated": false,
        "id": "CVE-2019-11745-2b11a0fb",
        "digest": {
            "line_hashes": [
                "302089763369201069117875648248239423843",
                "136599067095748924178163173351515825772",
                "130363556863157697636792388201644613152",
                "313224947261836547647229827291900838797",
                "228438726622434406157142236915581664358",
                "24073770676724928369037724684260090985",
                "17381471970949517157824663767627839742"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "src/prefs-dialog.c"
        },
        "source": "https://gitlab.gnome.org/GNOME/epiphany@9a08c3c60b4e499cac2eee9991feeb36df3f53ce",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "id": "CVE-2019-11745-dcc186f0",
        "digest": {
            "function_hash": "163069618142920672996344844178062350967",
            "length": 489.0
        },
        "signature_version": "v1",
        "target": {
            "function": "prefs_dialog_show_help",
            "file": "src/prefs-dialog.c"
        },
        "source": "https://gitlab.gnome.org/GNOME/epiphany@9a08c3c60b4e499cac2eee9991feeb36df3f53ce",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "id": "CVE-2019-11745-eceed787",
        "digest": {
            "function_hash": "322141866670698385529039071149637516109",
            "length": 141.0
        },
        "signature_version": "v1",
        "target": {
            "function": "font_prefs_dialog_response_cb",
            "file": "src/prefs-dialog.c"
        },
        "source": "https://gitlab.gnome.org/GNOME/epiphany@9a08c3c60b4e499cac2eee9991feeb36df3f53ce",
        "signature_type": "Function"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11745.json"