Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-2404
HistoryAug 03, 2009 - 12:00 a.m.

CVE-2009-2404

2009-08-0300:00:00
ubuntu.com
ubuntu.com
9

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.604 Medium

EPSS

Percentile

97.7%

Heap-based buffer overflow in a regular-expression parser in Mozilla
Network Security Services (NSS) before 3.12.3, as used in Firefox,
Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM),
allows remote SSL servers to cause a denial of service (application crash)
or possibly execute arbitrary code via a long domain name in the subject’s
Common Name (CN) field of an X.509 certificate, related to the
cert_TestHostName function.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchnss< 3.12.3.1-0ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchnss< 3.12.3.1-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchnss< 3.12.3.1-0ubuntu0.8.04.1UNKNOWN

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.604 Medium

EPSS

Percentile

97.7%

Related for UB:CVE-2009-2404