diff --git a/SOURCES/nss-util-3.44-handle-malformed-ecdh.patch b/SOURCES/nss-util-3.44-handle-malformed-ecdh.patch
new file mode 100644
index 0000000..083cecf
--- /dev/null
+++ b/SOURCES/nss-util-3.44-handle-malformed-ecdh.patch
@@ -0,0 +1,19 @@
+diff --git a/lib/util/quickder.c b/lib/util/quickder.c
+--- a/lib/util/quickder.c
++++ b/lib/util/quickder.c
+@@ -757,6 +757,13 @@
+                         }
+ 
+                         case SEC_ASN1_BIT_STRING: {
++                            /* Can't be 8 or more spare bits, or any spare bits
++			     * if there are no octets. */
++                            if (temp.data[0] >= 8 || (temp.data[0] > 0 && temp.len == 1)) {
++                                PORT_SetError(SEC_ERROR_BAD_DER);
++                                rv = SECFailure;
++                                break;
++                            }
+                             /* change the length in the SECItem to be the number
+                                of bits */
+                             temp.len = (temp.len - 1) * 8 - (temp.data[0] & 0x7);
+
+ 
diff --git a/SPECS/nss-util.spec b/SPECS/nss-util.spec
index ab912b4..276e83a 100644
--- a/SPECS/nss-util.spec
+++ b/SPECS/nss-util.spec
@@ -14,7 +14,7 @@ rpm.define(string.format("nss_util_archive_version %s",
 Summary:          Network Security Services Utilities Library
 Name:             nss-util
 Version:          %{nss_util_version}
-Release:          3%{?dist}
+Release:          4%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -55,6 +55,9 @@ Patch9: nss-util-sql-default.patch
 Patch10: nss-util-ike-patch.patch
 # https://bugzilla.mozilla.org/show_bug.cgi?id=1473806
 Patch11: nss-util-fix-public-key-from-priv.patch
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1515342
+Patch12: nss-util-3.44-handle-malformed-ecdh.patch
+
 
 %description
 Utilities for Network Security Services and the Softoken module
@@ -83,6 +86,9 @@ pushd nss
 %patch10 -p1 -b .ike_mechs
 popd
 %patch11 -p1 -b .pub_priv_mechs
+pushd nss
+%patch12 -p1 -b .handle-malformed-ecdh
+popd
 
 
 %build
@@ -255,6 +261,9 @@ done
 %{_includedir}/nss3/templates/templates.c
 
 %changelog
+* Thu Dec 5 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-4
+- Fix segfault on empty or malformed ecdh keys (#1777712)
+
 * Wed Jun 5 2019 Bob Relyea <rrelyea@redhat.com> - 3.44.0-3
 - Add pub from priv mechanism
 - ike mechanisms should not overlap with JPAKE