CVE-2024-7531

2024-08-0613:15:57

Alpine Linux Development Team

security.alpinelinux.org

pk11_encrypt

nss

ckm_chacha20

plaintext

intel sandy bridge

firefox

quic header protection

chacha20-poly1305

cipher suite

connection failure

packet loss

network observer

vulnerability

firefox 129

firefox esr 115.14

firefox esr 128.1

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

JSON

Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.

OSVersionArchitecturePackageVersionFilename
Alpine3.20-communitynoarchfirefox= 128.0.3-r0UNKNOWN
Alpine3.20-communitynoarchfirefox-esr= 115.13.0-r0UNKNOWN
Alpineedge-communitynoarchfirefox-esr= 115.15.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.20-community	noarch	firefox	= 128.0.3-r0	UNKNOWN
Alpine	3.20-community	noarch	firefox-esr	= 115.13.0-r0	UNKNOWN
Alpine	edge-community	noarch	firefox-esr	= 115.15.0-r0	UNKNOWN