Описание
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:3.35-2ubuntu2.7 |
| devel | not-affected | 2:3.47-1ubuntu2 |
| disco | released | 2:3.42-1ubuntu2.5 |
| eoan | released | 2:3.45-1ubuntu2.2 |
| esm-infra-legacy/trusty | released | 2:3.28.4-0ubuntu0.14.04.5+esm4 |
| esm-infra/bionic | released | 2:3.35-2ubuntu2.7 |
| esm-infra/xenial | released | 2:3.28.4-0ubuntu0.16.04.10 |
| precise/esm | not-affected | 2:3.28.4-0ubuntu0.12.04.7 |
| trusty | ignored | end of standard support |
| trusty/esm | released | 2:3.28.4-0ubuntu0.14.04.5+esm4 |
Показывать по
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
In Network Security Services (NSS) before 3.46, several cryptographic ...
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Уязвимость набора библиотек NSS (Network Security Services), существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3