Package: libnss3-tools
Version: 2:3.73-1
Severity: important
X-Debbugs-Cc: bugrepo...@gringene.org

Dear Maintainer,

I've recently noticed a bug in nss that was reported on Google Project Zero:

https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html

The reporter's claim is as follows:

> The maximum size signature that this structure can handle is whatever the
> largest union member is, in this case that’s RSA at 2048 bytes. That’s 16384
> bits, large enough to accommodate signatures from even the most ridiculously
> oversized keys.

> Okay, but what happens if you just....make a signature that’s bigger than
> that?

> Well, it turns out the answer is memory corruption. Yes, really.

I have tried out their example code on my Debian system, and it results in the
reported Segmentation fault. This is interesting, given that the stated fixed
version is NSS 3.73.0, and Debian is reporting that 3.73-1 is installed.

-- System Information:
Debian Release: 11.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libnss3-tools depends on:
ii  libc6     2.31-13+deb11u2
ii  libnspr4  2:4.32-1
ii  libnss3   2:3.68-1
ii  zlib1g    1:1.2.11.dfsg-2

libnss3-tools recommends no packages.

libnss3-tools suggests no packages.

-- no debconf information
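
Added example (not part of the original report and not NSS source code): a minimal C sketch of the bug class the quoted passage describes, a context holding a fixed-size union of signature buffers, together with the length check that keeps an oversized signature from being copied in. All type and function names and the DSA/ECDSA buffer sizes are hypothetical; only the 2048-byte RSA maximum comes from the quote.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; this is not NSS code. */
enum sig_alg { SIG_RSA, SIG_DSA, SIG_ECDSA };

#define RSA_SIG_MAX   2048 /* largest union member, per the quoted text */
#define DSA_SIG_MAX   64   /* assumed size, for illustration only */
#define ECDSA_SIG_MAX 144  /* assumed size, for illustration only */

struct verify_ctx {
    enum sig_alg alg;
    size_t sig_len;
    union {                      /* one fixed buffer per algorithm */
        unsigned char rsa[RSA_SIG_MAX];
        unsigned char dsa[DSA_SIG_MAX];
        unsigned char ecdsa[ECDSA_SIG_MAX];
    } u;
    void *hash_state;            /* stand-in for data stored after the buffer */
};

/* Capacity of the union member that belongs to the given algorithm. */
static size_t sig_capacity(enum sig_alg alg)
{
    switch (alg) {
    case SIG_RSA:   return sizeof(((struct verify_ctx *)0)->u.rsa);
    case SIG_DSA:   return sizeof(((struct verify_ctx *)0)->u.dsa);
    case SIG_ECDSA: return sizeof(((struct verify_ctx *)0)->u.ecdsa);
    }
    return 0;                    /* unknown algorithm: nothing fits */
}

/* Store an untrusted signature. Returns 0 on success, -1 if rejected.
 * Without the length comparison, memcpy would write past the union into
 * hash_state and beyond, which is the memory corruption described above. */
int ctx_set_signature(struct verify_ctx *ctx, enum sig_alg alg,
                      const unsigned char *sig, size_t len)
{
    size_t cap = sig_capacity(alg);
    if (ctx == NULL || sig == NULL || len == 0 || len > cap)
        return -1;               /* reject before touching the buffer */
    memcpy(&ctx->u, sig, len);
    ctx->alg = alg;
    ctx->sig_len = len;
    return 0;
}
```

The check is made against the member for the selected algorithm rather than the size of the whole union, so a signature that would fit the RSA buffer is still rejected for a smaller algorithm.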