[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-7181Date: (C)2015-12-15   (M)2024-03-27


The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1034069
BID-77416
BID-91787
DSA-3393
DSA-3410
DSA-3688
GLSA-201512-10
GLSA-201605-06
RHSA-2015:1980
RHSA-2015:1981
SSA:2015-310-02
SUSE-SU-2015:1926
SUSE-SU-2015:1978
SUSE-SU-2015:1981
SUSE-SU-2015:2081
USN-2785-1
USN-2791-1
USN-2819-1
http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bto.bluecoat.com/security-advisory/sa119
https://bugzilla.mozilla.org/show_bug.cgi?id=1192028
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
openSUSE-SU-2015:1942
openSUSE-SU-2015:2229
openSUSE-SU-2015:2245

CPE    11
cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:network_security_services:3.20.0
cpe:/a:mozilla:firefox_esr:38.1.1
cpe:/a:mozilla:firefox_esr:38.2.0
...
CWE    1
CWE-119
OVAL    29
oval:org.secpod.oval:def:203762
oval:org.secpod.oval:def:602291
oval:org.secpod.oval:def:203761
oval:org.secpod.oval:def:31625
...

© SecPod Technologies