Unrated severityNVD Advisory· Published Nov 26, 2024· Updated Nov 27, 2024
CVE-2024-11705
CVE-2024-11705
Description
NSC_DeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:apk/chainguard/firefoxpkg:apk/wolfi/firefoxpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 133.0-r0+ 2 more
- (no CPE)range: < 133.0-r0
- (no CPE)range: < 133.0-r0
- (no CPE)range: < 133.0.3-1.1
- Range: unspecified
- Range: unspecified
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.