Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-11719

Опубликовано: 23 июл. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

РелизСтатусПримечание
bionic

released

68.0+build3-0ubuntu0.18.04.1
cosmic

released

68.0+build3-0ubuntu0.18.10.1
devel

released

68.0+build3-0ubuntu1
disco

released

68.0+build3-0ubuntu0.19.04.1
eoan

released

68.0+build3-0ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

68.0+build3-0ubuntu1
groovy

released

68.0+build3-0ubuntu1
hirsute

released

68.0+build3-0ubuntu1

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

ignored

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

ignored

esm-infra-legacy/trusty

DNE

esm-infra/bionic

ignored

focal

ignored

groovy

ignored

end of life

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

released

2:3.35-2ubuntu2.3
cosmic

ignored

end of life
devel

released

2:3.45-1ubuntu1
disco

released

2:3.42-1ubuntu2.1
eoan

released

2:3.45-1ubuntu1
esm-infra-legacy/trusty

released

2:3.28.4-0ubuntu0.14.04.5+esm1
esm-infra/bionic

released

2:3.35-2ubuntu2.3
esm-infra/focal

released

2:3.45-1ubuntu1
esm-infra/xenial

released

2:3.28.4-0ubuntu0.16.04.6
focal

released

2:3.45-1ubuntu1

Показывать по

РелизСтатусПримечание
bionic

released

1:60.8.0+build1-0ubuntu0.18.04.1
cosmic

released

1:60.8.0+build1-0ubuntu0.18.10.1
devel

released

60.8.0+build1-0ubuntu1
disco

released

1:60.8.0+build1-0ubuntu0.19.04.1
eoan

released

60.8.0+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

60.8.0+build1-0ubuntu1
groovy

released

60.8.0+build1-0ubuntu1
hirsute

released

60.8.0+build1-0ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 63%
0.00447
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-11719

CVSS3: 7.5
redhat
больше 6 лет назад

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

nvd логотип

CVE-2019-11719

CVSS3: 7.5
nvd
больше 6 лет назад

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

debian логотип

CVE-2019-11719

CVSS3: 7.5
debian
больше 6 лет назад

When importing a curve25519 private key in PKCS#8format with leading 0 ...

github логотип

GHSA-mg9h-wcqm-m3mw

CVSS3: 7.5
github
больше 3 лет назад

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

fstec логотип

BDU:2019-03616

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость библиотеки служб сетевой безопасности (NSS) почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, позволяющая нарушителю получить несанкционированный доступ к информации

EPSS

Процентиль: 63%
0.00447
Низкий

5 Medium

CVSS2

7.5 High

CVSS3