Lucene search

[email protected]CVE-2015-7183

HistoryNov 05, 2015 - 5:59 a.m.

CVE-2015-7183

2015-11-0505:59:07

CWE-119

CWE-189

[email protected]

web.nvd.nist.gov

170

cve-2015-7183

integer overflow

pl_arena_allocate

mozilla nss

nspr

remote code execution

memory corruption

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.057 Low

EPSS

Percentile

93.4%

JSON

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Affected configurations

NVD

Node

mozillafirefoxRange≤41.0.2

Node

mozillanetwork_security_servicesRange≤3.19.2.0

mozillanetwork_security_servicesMatch3.20.0

Node

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_esrMatch38.1.1

mozillafirefox_esrMatch38.2.0

mozillafirefox_esrMatch38.2.1

mozillafirefox_esrMatch38.3.0

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle41.0.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	41.0.2

References

lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

lists.opensuse.org/opensuse-updates/2015-12/msg00037.html

lists.opensuse.org/opensuse-updates/2015-12/msg00049.html

packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html

rhn.redhat.com/errata/RHSA-2015-1980.html

rhn.redhat.com/errata/RHSA-2015-1981.html

www.debian.org/security/2015/dsa-3393

www.debian.org/security/2015/dsa-3406

www.mozilla.org/security/announce/2015/mfsa2015-133.html

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/77415

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1034069

www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753

www.ubuntu.com/usn/USN-2785-1

www.ubuntu.com/usn/USN-2790-1

www.ubuntu.com/usn/USN-2819-1

bto.bluecoat.com/security-advisory/sa119

bugzilla.mozilla.org/show_bug.cgi?id=1205157

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes

security.gentoo.org/glsa/201512-10

security.gentoo.org/glsa/201605-06

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.057 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2015-7183