CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
83.7%
Package : nss
Version : 2:3.26-1+debu7u5
CVE ID : CVE-2017-7805
Martin Thomson discovered that nss, the Mozilla Network Security Service
library, is prone to a use-after-free vulnerability in the TLS 1.2
implementation when handshake hashes are generated. A remote attacker
can take advantage of this flaw to cause an application using the nss
library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.
For Debian 7 "Wheezy", these problems have been fixed in version
2:3.26-1+debu7u5.
We recommend that you upgrade your nss packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | all | thunderbird-l10n-pa-in | < 1:52.4.0-1~deb7u1 | thunderbird-l10n-pa-in_1:52.4.0-1~deb7u1_all.deb |
Debian | 9 | all | iceweasel-l10n-te | < 1:52.4.0esr-1~deb9u1 | iceweasel-l10n-te_1:52.4.0esr-1~deb9u1_all.deb |
Debian | 7 | armhf | thunderbird | < 1:52.4.0-1~deb7u1 | thunderbird_1:52.4.0-1~deb7u1_armhf.deb |
Debian | 9 | armhf | thunderbird-dev | < 1:52.4.0-1~deb9u1 | thunderbird-dev_1:52.4.0-1~deb9u1_armhf.deb |
Debian | 9 | all | firefox-esr-l10n-it | < 52.4.0esr-1~deb9u1 | firefox-esr-l10n-it_52.4.0esr-1~deb9u1_all.deb |
Debian | 8 | all | iceweasel-l10n-es-ar | < 1:52.4.0esr-1~deb8u1 | iceweasel-l10n-es-ar_1:52.4.0esr-1~deb8u1_all.deb |
Debian | 9 | all | firefox-esr-l10n-pt-br | < 52.4.0esr-1~deb9u1 | firefox-esr-l10n-pt-br_52.4.0esr-1~deb9u1_all.deb |
Debian | 7 | all | iceweasel-l10n-el | < 1:52.4.0esr-2~deb7u1 | iceweasel-l10n-el_1:52.4.0esr-2~deb7u1_all.deb |
Debian | 9 | i386 | libnss3-tools | < 2:3.26.2-1.1+deb9u1 | libnss3-tools_2:3.26.2-1.1+deb9u1_i386.deb |
Debian | 8 | kfreebsd-i386 | libnss3-dev | < 2:3.26-1+debu8u3 | libnss3-dev_2:3.26-1+debu8u3_kfreebsd-i386.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
83.7%