Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-7182

Опубликовано: 05 нояб. 2015
Источник: debian
EPSS Средний

Описание

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nssfixed2:3.20.1-1package
iceweaselfixed38.4.0esr-1package
iceweaselend-of-lifesqueezepackage
icedovefixed38.4.0-1package
icedoveend-of-lifesqueezepackage

Примечания

  • http://hg.mozilla.org/projects/nss/rev/4dc247276e58

  • http://hg.mozilla.org/projects/nss/rev/534aca7a5bca

  • http://hg.mozilla.org/projects/nss/rev/b4feb2cb0ed6

  • https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/

  • Patch for wheezy/jessie: https://lists.debian.org/debian-lts/2015/11/msg00098.html

EPSS

Процентиль: 95%
0.18408
Средний

Связанные уязвимости

ubuntu логотип

CVE-2015-7182

CVSS3: 9.8
ubuntu
почти 10 лет назад

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

redhat логотип

CVE-2015-7182

redhat
почти 10 лет назад

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

nvd логотип

CVE-2015-7182

CVSS3: 9.8
nvd
почти 10 лет назад

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

github логотип

GHSA-f3ww-87xf-9498

CVSS3: 9.8
github
больше 3 лет назад

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

fstec логотип

BDU:2015-12005

fstec
почти 10 лет назад

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 95%
0.18408
Средний