Closed Bug 1202009 Opened 9 years ago Closed 9 years ago

ASan: heap-buffer-overflow in SEC_ASN1DecoderUpdate_Util()

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox43 affected)

Status:
RESOLVED DUPLICATE of bug 1192028
Tracking Flags:
Tracking Status
firefox43 --- affected

People

(Reporter: ttaubert, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-high, testcase)

Attachments

(2 files)

call_stack.txt
1.06 KB, text/plain
Details
test_case.der
27 bytes, application/x-x509-ca-cert
Details
Attached file call_stack.txt 
This might be fixed by bug 1192028, it's a different failure but the truncated test case.
Attached file test_case.der 

    
    

    
  
The stack looks similar to bug 1194507. Not sure if it is the same though.
See Also:  → 1194507
Keywords: sec-high

    
    

    
  
Tim, does this still reproduce with the patches from the other nss fuzzing bugs?
Flags: needinfo?(ttaubert)

    
    

    
  
Tim, FYI, I no longer see this issue with the other patches applied.

    
    

    
  
Great, thank you for checking that!
Flags: needinfo?(ttaubert)

    
    

    
  
Thanks! This looks like bug 1192028.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Group: crypto-core-security

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: