Aug 03, 2009 - 2:30 p.m.

CVE-2009-2404

2009-08-03 14:30:00
CWE-119
web.nvd.nist.gov
47
cve-2009-2404
nss
buffer overflow
ssl
denial of service
x.509
certificate
remote code execution

AI Score: 9.8 High (Confidence: High)

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.604 Medium (Percentile: 97.7%)

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject’s Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
