CVE-2015-7182

Опубликовано: 03 нояб. 2015

Источник: redhat

CVSS2: 6.8

Описание

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	nss	Will not fix
Red Hat Enterprise Linux 5	nspr	Fixed	RHSA-2015:1980	04.11.2015
Red Hat Enterprise Linux 5	nss	Fixed	RHSA-2015:1980	04.11.2015
Red Hat Enterprise Linux 6	nspr	Fixed	RHSA-2015:1981	04.11.2015
Red Hat Enterprise Linux 6	nss	Fixed	RHSA-2015:1981	04.11.2015
Red Hat Enterprise Linux 6	nss-util	Fixed	RHSA-2015:1981	04.11.2015
Red Hat Enterprise Linux 6.2 Advanced Update Support	nspr	Fixed	RHSA-2015:2068	18.11.2015
Red Hat Enterprise Linux 6.2 Advanced Update Support	nss	Fixed	RHSA-2015:2068	18.11.2015
Red Hat Enterprise Linux 6.2 Advanced Update Support	nss-util	Fixed	RHSA-2015:2068	18.11.2015
Red Hat Enterprise Linux 6.4 Advanced Update Support	nspr	Fixed	RHSA-2015:2068	18.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1269351nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

6.8 Medium

CVSS2