Lucene search

Veracode Vulnerability DatabaseVERACODE:11834

HistoryJan 15, 2019 - 9:08 a.m.

Denial Of Service (DoS)

2019-01-1509:08:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

nss is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a “use-after-poison” issue.

CPENameOperatorVersion
nss-utileq3.14.3__3.el6_4
nss-utileq3.12.8__1.el6_0
nss-utileq3.19.1__1.el6_6
nss-utileq3.13.1__3.el6_2
nss-utileq3.12.10__2.el6
nss-utileq3.16.1__3.el6
nss-utileq3.14.3__4.el6_4
nss-utileq3.12.10__1.el6_1
nss-utileq3.15.3__1.el6_5
nss-utileq3.16.2.3__2.el6_6

Name	Operator	Version
nss-util	eq	3.14.3__3.el6_4
nss-util	eq	3.12.8__1.el6_0
nss-util	eq	3.19.1__1.el6_6
nss-util	eq	3.13.1__3.el6_2
nss-util	eq	3.12.10__2.el6
nss-util	eq	3.16.1__3.el6
nss-util	eq	3.14.3__4.el6_4
nss-util	eq	3.12.10__1.el6_1
nss-util	eq	3.15.3__1.el6_5
nss-util	eq	3.16.2.3__2.el6_6

Rows per page:

1-10 of 1191

References

lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

lists.opensuse.org/opensuse-updates/2015-12/msg00037.html

lists.opensuse.org/opensuse-updates/2015-12/msg00049.html

packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html

rhn.redhat.com/errata/RHSA-2015-1980.html

rhn.redhat.com/errata/RHSA-2015-1981.html

www.debian.org/security/2015/dsa-3393

www.debian.org/security/2015/dsa-3410

www.debian.org/security/2016/dsa-3688

www.mozilla.org/security/announce/2015/mfsa2015-133.html

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/77416

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1034069

www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753

www.ubuntu.com/usn/USN-2785-1

www.ubuntu.com/usn/USN-2791-1

www.ubuntu.com/usn/USN-2819-1

access.redhat.com/security/updates/classification/#critical

bto.bluecoat.com/security-advisory/sa119

bugzilla.mozilla.org/show_bug.cgi?id=1192028

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes

rhn.redhat.com/errata/RHSA-2015-2068.html

security.gentoo.org/glsa/201512-10

security.gentoo.org/glsa/201605-06

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:11834