CVE-2015-7182 Information

Feb 14, 2021 cve

Description

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1 as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html http://rhn.redhat.com/errata/RHSA-2015-1980.html http://rhn.redhat.com/errata/RHSA-2015-1981.html http://www.debian.org/security/2015/dsa-3393 http://www.debian.org/security/2015/dsa-3410 http://www.debian.org/security/2016/dsa-3688 http://www.mozilla.org/security/announce/2015/mfsa2015-133.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/77416 http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1034069 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753 http://www.ubuntu.com/usn/USN-2785-1 http://www.ubuntu.com/usn/USN-2791-1 http://www.ubuntu.com/usn/USN-2819-1 https://bto.bluecoat.com/security-advisory/sa119 https://bugzilla.mozilla.org/show_bug.cgi?id=1202868 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes https://security.gentoo.org/glsa/201512-10 https://security.gentoo.org/glsa/201605-06

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: