Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-2404
HistoryAug 03, 2009 - 12:00 a.m.

CVE-2009-2404

2009-08-0300:00:00
ubuntu.com
ubuntu.com
20

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.604

Percentile

97.8%

Heap-based buffer overflow in a regular-expression parser in Mozilla
Network Security Services (NSS) before 3.12.3, as used in Firefox,
Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM),
allows remote SSL servers to cause a denial of service (application crash)
or possibly execute arbitrary code via a long domain name in the subject’s
Common Name (CN) field of an X.509 certificate, related to the
cert_TestHostName function.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchnss<Β 3.12.3.1-0ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchnss<Β 3.12.3.1-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchnss<Β 3.12.3.1-0ubuntu0.8.04.1UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.604

Percentile

97.8%