4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
52.3%
Package : nss
Version : 3.12.8-1+squeeze8
CVE ID : CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492
CVE-2013-1741
Runaway memset in certificate parsing on 64-bit computers leading to
a crash by attempting to write 4Gb of nulls.
CVE-2013-5606
Certificate validation with the verifylog mode did not return
validation errors, but instead expected applications to determine
the status by looking at the log.
CVE-2014-1491
Ticket handling protection mechanisms bypass due to the lack of
restriction of public values in Diffie-Hellman key exchanges.
CVE-2014-1492
Incorrect IDNA domain name matching for wildcard certificates could
allow specially-crafted invalid certificates to be considered as
valid.
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | ia64 | libnss3-dbg | < 2:3.14.5-1+deb7u1 | libnss3-dbg_2:3.14.5-1+deb7u1_ia64.deb |
Debian | 7 | powerpc | libnss3-tools | < 2:3.14.5-1+deb7u1 | libnss3-tools_2:3.14.5-1+deb7u1_powerpc.deb |
Debian | 7 | i386 | libnss3-tools | < 2:3.14.5-1+deb7u1 | libnss3-tools_2:3.14.5-1+deb7u1_i386.deb |
Debian | 7 | armel | libnss3-dbg | < 2:3.14.5-1+deb7u1 | libnss3-dbg_2:3.14.5-1+deb7u1_armel.deb |
Debian | 7 | kfreebsd-amd64 | libnss3 | < 2:3.14.5-1+deb7u1 | libnss3_2:3.14.5-1+deb7u1_kfreebsd-amd64.deb |
Debian | 7 | powerpc | libnss3-dbg | < 2:3.14.5-1+deb7u1 | libnss3-dbg_2:3.14.5-1+deb7u1_powerpc.deb |
Debian | 6 | i386 | libnss3-tools | < 3.12.8-1+squeeze8 | libnss3-tools_3.12.8-1+squeeze8_i386.deb |
Debian | 7 | sparc | libnss3-dbg | < 2:3.14.5-1+deb7u1 | libnss3-dbg_2:3.14.5-1+deb7u1_sparc.deb |
Debian | 7 | ia64 | libnss3-1d | < 2:3.14.5-1+deb7u1 | libnss3-1d_2:3.14.5-1+deb7u1_ia64.deb |
Debian | 7 | ia64 | libnss3-dev | < 2:3.14.5-1+deb7u1 | libnss3-dev_2:3.14.5-1+deb7u1_ia64.deb |