nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)

🗓️ 04 Nov 2015 12:48:55Reported by RedHatType

redhat

redhat🔗 access.redhat.com

Use-after-poison in sec_asn1d_parse_leaf() of the Network Security Services library could crash or allow code execution on Unix.

Reporter	Title	Published	Views	Family All 164
IBM Security Bulletins	Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs)	16 Jun 201821:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Web is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Network Security (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2015-7181 CVE-2015-7182 CVE-2015-7183)	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1819, CVE-2015-5600, CVE-2015-7183, CVE-2015-7181, CVE-2015-7182)	17 Jun 201822:32	–	ibm
Tenable Nessus	Mozilla Firefox < 42.0 Multiple Vulnerabilities	7 Dec 201500:00	–	nessus
Tenable Nessus	Mozilla Thunderbird < 38.4 Multiple Vulnerabilities	17 Mar 201600:00	–	nessus
Tenable Nessus	Amazon Linux AMI : nspr / nss-util,nss,jss (ALAS-2015-608)	6 Nov 201500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	ppc64le	nspr	0:4.10.8-2.ael7b_1	nspr-0:4.10.8-2.ael7b_1.ppc64le.rpm
Red Hat Enterprise Linux	6	i686	nspr	0:4.10.8-2.el6_7	nspr-0:4.10.8-2.el6_7.i686.rpm
Red Hat Enterprise Linux	6	ppc	nspr	0:4.10.8-2.el6_7	nspr-0:4.10.8-2.el6_7.ppc.rpm
Red Hat Enterprise Linux	6	ppc64	nspr	0:4.10.8-2.el6_7	nspr-0:4.10.8-2.el6_7.ppc64.rpm
Red Hat Enterprise Linux	6	s390	nspr	0:4.10.8-2.el6_7	nspr-0:4.10.8-2.el6_7.s390.rpm
Red Hat Enterprise Linux	6	s390x	nspr	0:4.10.8-2.el6_7	nspr-0:4.10.8-2.el6_7.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	nspr	0:4.10.8-2.el6_7	nspr-0:4.10.8-2.el6_7.x86_64.rpm
Red Hat Enterprise Linux	7	i686	nspr	0:4.10.8-2.el7_1	nspr-0:4.10.8-2.el7_1.i686.rpm
Red Hat Enterprise Linux	7	ppc	nspr	0:4.10.8-2.el7_1	nspr-0:4.10.8-2.el7_1.ppc.rpm
Red Hat Enterprise Linux	7	ppc64	nspr	0:4.10.8-2.el7_1	nspr-0:4.10.8-2.el7_1.ppc64.rpm

Source	Link
access	www.access.redhat.com/articles/2043623
access	www.access.redhat.com/security/cve/CVE-2015-7181
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-7181
cve	www.cve.org/CVERecord
mozilla	www.mozilla.org/security/announce/2015/mfsa2015-133.html

18 Mar 2026 11:27Current

7.7High risk

Vulners AI Score7.7

CVSS 27.5

EPSS0.05021

Network Security Services use after poison structure parsing code execution unix platform