In early 2024, security researchers and Mozilla developers uncovered a crash bug affecting the NSC_DeriveKey function within the NSS (Network Security Services) library, which underpins cryptographic functions for popular applications like Firefox and Thunderbird. Tracked as CVE-2024-11705, this flaw allows attackers to cause crashes (segmentation faults) by passing a NULL pointer to a function parameter that was assumed to always be valid. Although this isn't a classic remote code execution bug, it has real-world impact, especially in terms of denial-of-service (DoS) scenarios in browsers and email clients.
This post explains the bug in simple terms, walks through the responsible code (with examples), and shows how an attacker could trigger it. Links to original advisories and patches are included for further reading.
What is CVE-2024-11705?
At its core, this vulnerability centers around the PKCS#11 cryptographic API, specifically the function NSC_DeriveKey. In some situations, PKCS#11 allows the final key pointer parameter (phKey) to be NULL (i.e., not provided). However, due to a mistaken assumption in the code, the function would always try to write to this pointer, even if it was NULL. This causes a segmentation fault (SEGV) if the calling code passes NULL.
Technical Details and Code Snippet
Here's a simplified version of what went wrong, based on Mozilla's bug report and related patches.
The Problematic Code
CK_RV NSC_DeriveKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey) // <--- can be NULL!
{
...
// Problem: assumes phKey is always non-NULL
*phKey = derivedKeyHandle; // <-- will segfault if phKey == NULL
...
}
What the Spec Says
The PKCS#11 v3. specification explains that for certain "key derivation mechanisms," phKey may be NULL:
> "If the mechanism does not produce a key, phKey may be NULL and must not be dereferenced."
So, code using mechanisms like CKM_NSS_HKDF_DERIVE_DATA is allowed to pass NULL for phKey. Instead, the application expects the derived key to be returned through another mechanism or not at all.
Real-World Impact
If a malicious webpage, extension, or email triggers a cryptographic operation using NSS’s PKCS#11 interface and passes NULL for this parameter, the browser or client will experience a segmentation fault and crash.
Mozilla Thunderbird < 133
This is a DoS (denial of service) vulnerability, and while it doesn’t leak secrets or allow code execution, it is a reliability and stability risk.
How Could an Exploit Look? (Simplified Example)
Below is a code sample that demonstrates how this bug could be triggered in an NSS client (C code). The trick is using a supported mechanism and passing NULL for phKey:
// NOTE: Only for demonstration purposes! Do not use in production.
CK_MECHANISM mechanism = { CKM_NSS_HKDF_DERIVE_DATA, ... };
CK_OBJECT_HANDLE baseKey = ...; // some valid key
CK_ATTRIBUTE template[] = { ... };
CK_ULONG attrCount = ...;
// Vulnerable call: Pass NULL instead of &outKey
CK_RV result = NSC_DeriveKey(session, &mechanism, baseKey, template, attrCount, NULL);
// This would crash pre-patched Firefox/Thunderbird if the mechanism expects phKey == NULL
If run in an application using the vulnerable NSS, this call would cause a segmentation fault and crash because the C code tries to write to address zero (NULL).
Links to Original References
- Mozilla Security Advisory 2024-12
- Bugzilla Issue #1889084
- NSS Patch Commit
- PKCS#11 v3. Specification
Mozilla patched the function to check if phKey is non-NULL before writing to it
if (phKey != NULL) {
*phKey = derivedKeyHandle;
}
Upgrade to Thunderbird >= 133
If you deploy or develop with NSS directly, ensure your version is up-to-date.
Conclusion
CVE-2024-11705 is a classic example of how small pointer handling errors can crash even mature, security-conscious applications like Firefox and Thunderbird. While it doesn’t enable attackers to steal data or run code, it’s a good reminder to always obey interface specifications, especially when handling pointers in C.
For more details, see the Mozilla Security Advisory and Bugzilla.
Timeline
Published on: 11/26/2024 14:15:19 UTC
Last modified on: 11/27/2024 16:15:14 UTC