7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.101 Low
EPSS
Percentile
95.0%
Package : nss
Version : 3.12.8-1+squeeze8
CVE ID : CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492
CVE-2013-1741
Runaway memset in certificate parsing on 64-bit computers leading to
a crash by attempting to write 4Gb of nulls.
CVE-2013-5606
Certificate validation with the verifylog mode did not return
validation errors, but instead expected applications to determine
the status by looking at the log.
CVE-2014-1491
Ticket handling protection mechanisms bypass due to the lack of
restriction of public values in Diffie-Hellman key exchanges.
CVE-2014-1492
Incorrect IDNA domain name matching for wildcard certificates could
allow specially-crafted invalid certificates to be considered as
valid.
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | ia64 | libnss3-tools | < 2:3.14.5-1+deb7u1 | libnss3-tools_2:3.14.5-1+deb7u1_ia64.deb |
Debian | 7 | mips | libnss3-tools | < 2:3.14.5-1+deb7u1 | libnss3-tools_2:3.14.5-1+deb7u1_mips.deb |
Debian | 7 | amd64 | libnss3 | < 2:3.14.5-1+deb7u1 | libnss3_2:3.14.5-1+deb7u1_amd64.deb |
Debian | 7 | s390 | libnss3-tools | < 2:3.14.5-1+deb7u1 | libnss3-tools_2:3.14.5-1+deb7u1_s390.deb |
Debian | 6 | amd64 | libnss3-1d-dbg | < 3.12.8-1+squeeze8 | libnss3-1d-dbg_3.12.8-1+squeeze8_amd64.deb |
Debian | 6 | amd64 | libnss3-tools | < 3.12.8-1+squeeze8 | libnss3-tools_3.12.8-1+squeeze8_amd64.deb |
Debian | 7 | sparc | libnss3 | < 2:3.14.5-1+deb7u1 | libnss3_2:3.14.5-1+deb7u1_sparc.deb |
Debian | 7 | mips | libnss3-dbg | < 2:3.14.5-1+deb7u1 | libnss3-dbg_2:3.14.5-1+deb7u1_mips.deb |
Debian | 7 | i386 | libnss3 | < 2:3.14.5-1+deb7u1 | libnss3_2:3.14.5-1+deb7u1_i386.deb |
Debian | 7 | s390 | libnss3-1d | < 2:3.14.5-1+deb7u1 | libnss3-1d_2:3.14.5-1+deb7u1_s390.deb |