Debian Security Bug TrackerDEBIANCVE:CVE-2009-2404CVE-2009-2404
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.604 Medium
EPSS
Percentile
97.8%
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subjectβs Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | nss | <Β 3.12.3-1 | nss_3.12.3-1_all.deb |
| Debian | 11 | all | nss | <Β 3.12.3-1 | nss_3.12.3-1_all.deb |
| Debian | 999 | all | nss | <Β 3.12.3-1 | nss_3.12.3-1_all.deb |
| Debian | 13 | all | nss | <Β 3.12.3-1 | nss_3.12.3-1_all.deb |
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.604 Medium
EPSS
Percentile
97.8%