Abhiskek Arya discovered an out of bounds write in the cvt_t() function
of the NetScape Portable Runtime Library which could result in the
execution of arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 2:4.9.2-1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 2:4.10.6-1.

We recommend that you upgrade your nspr packages.

CPENameOperatorVersion
nspreq2:4.9.2-1
nspreq2:4.9.2-1+deb7u1

CPE	Name	Operator	Version
	nspr	eq	2:4.9.2-1
	nspr	eq	2:4.9.2-1+deb7u1

References

www.debian.org/security/2014/dsa-2962

osv 3

debian 4

cve 1

amazon 1

mozilla 1

openvas 27

nessus 24

debiancve 1

prion 1

ubuntu 1

ubuntucve 1

centos 2

oraclelinux 2

redhat 3

f5 2

ibm 4

veracode 1

suse 6

freebsd 1

securityvulns 2

gentoo 1

osv

nspr - security update

2014-08-07 00:00:00

iceweasel - security update

2014-06-11 00:00:00

icedove - security update

2014-06-16 00:00:00

debian

[SECURITY] [DSA 2962-1] nspr security update

2014-06-17 19:31:15

[DLA 32-1] nspr security update

2014-08-07 18:21:16

[SECURITY] [DSA 2955-1] iceweasel security update

2014-06-11 14:33:41

cve

CVE-2014-1545

2014-06-11 10:57:00

amazon

Critical: nspr

2014-07-23 14:07:00

mozilla

Out of bounds write in NSPR — Mozilla

2014-06-10 00:00:00

openvas

Amazon Linux: Security Advisory (ALAS-2014-384)

2015-09-08 00:00:00

Ubuntu: Security Advisory (USN-2265-1)

2014-07-07 00:00:00

Debian Security Advisory DSA 2962-1 (nspr - security update)

2014-06-17 00:00:00

nessus

Debian DLA-32-1 : nspr security update

2015-03-26 00:00:00

Amazon Linux AMI : nspr (ALAS-2014-384)

2014-10-12 00:00:00

Mandriva Linux Security Advisory : nspr (MDVSA-2014:125)

2014-06-16 00:00:00

debiancve

CVE-2014-1545

2014-06-11 10:57:00

prion

Out-of-bounds

2014-06-11 10:57:00

ubuntu

NSPR vulnerability

2014-07-02 00:00:00

ubuntucve

CVE-2014-1545

2014-06-11 00:00:00

centos

nss security update

2014-09-30 11:21:57

nspr, nss security update

2014-07-23 02:49:51

oraclelinux

nss and nspr security, bug fix, and enhancement update

2014-09-17 00:00:00

nss and nspr security, bug fix, and enhancement update

2014-07-22 00:00:00

redhat

(RHSA-2014:1246) Moderate: nss and nspr security, bug fix, and enhancement update

2014-09-16 00:00:00

(RHSA-2014:0917) Critical: nss and nspr security, bug fix, and enhancement update

2014-07-22 00:00:00

(RHSA-2014:0979) Moderate: rhev-hypervisor6 security and bug fix update

2014-07-29 00:00:00

SOL16716 - Multiple Mozilla NSS vulnerabilities

2015-06-05 00:00:00

K16716 : Multiple Mozilla NSS vulnerabilities

2015-09-17 00:00:00

ibm

Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)

2023-03-29 01:48:02

Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154

2023-02-28 01:12:10

2022-08-20 00:54:31

veracode

Denial Of Service (DoS)

2019-05-02 05:03:51

suse

Mozilla updates 2014/06 (critical)

2014-06-16 08:04:13

Security update for MozillaFirefox (important)

2014-06-23 20:09:15

Security update for MozillaFirefox (important)

2014-06-21 01:04:47

freebsd

mozilla -- multiple vulnerabilities

2014-06-10 00:00:00

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2014-06-13 00:00:00

ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities

2015-02-02 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2015-04-07 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for OSV:DSA-2962-1