7.8

CVSS Score

3.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-11696

CVE-2017-11696: Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network...

Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2017-11696

CVE-2017-11696:

7.8

CVSS Score

3.0

-

CVSS Score

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly named __hash_open in lib/dbm/src/hash.c as the affected function.
Fetched content from NVD (CVE-2017-11696), which confirmed the vulnerable function and file path.
Followed links from security advisories: Gentoo GLSA-202003-37 led to Mozilla Foundation Security Advisory mfsa2017-17.
Mozilla's advisory mfsa2017-17 confirmed the CVE, function, file, and provided a link to Bugzilla ticket 1367978.
Fetched the content of the Bugzilla page. This page contained a detailed description and, crucially, the patch diff for lib/dbm/src/hash.c that fixes the vulnerability in the __hash_open function.
Analyzed the provided patch diff. The changes focused on improving the robustness of reading and interpreting the HASHHDR structure from the database file, specifically around byte order (lorder), version checking, and ensuring a minimum amount of data is read. These are typical areas where vulnerabilities arise if input data is not handled carefully, leading to incorrect assumptions about buffer sizes or data structure layouts.
Based on the vulnerability description, official advisories, and the specific code changes in the patch targeting the __hash_open function's handling of the file header, it's clear this function is where the vulnerability lies.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2017-11696: Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network...

CVE-2017-11696:

7.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2017-11696: Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network...

Basic Information

Basic Information

Technical Details

7.8

7.8

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI