Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-1568HistorySep 25, 2014 - 5:55 p.m.
CVE-2014-1568
2014-09-2517:55:04
Debian Security Bug Tracker
security-tracker.debian.org
16
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.038
Percentile
91.9%
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a “signature malleability” issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | nss | < 2:3.17.1-1 | nss_2:3.17.1-1_all.deb |
| Debian | 11 | all | nss | < 2:3.17.1-1 | nss_2:3.17.1-1_all.deb |
| Debian | 999 | all | nss | < 2:3.17.1-1 | nss_2:3.17.1-1_all.deb |
| Debian | 13 | all | nss | < 2:3.17.1-1 | nss_2:3.17.1-1_all.deb |
Related
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-424)
2015-09-08 00:00:00
Seamonkey RSA Spoof Vulnerability (Sep 2014) - Mac OS X
2014-09-30 00:00:00
Mozilla Firefox ESR RSA Spoof Vulnerability (Sep 2014) - Windows
2014-09-29 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : nss (MDVSA-2014:189)
2014-09-26 00:00:00
Debian DSA-3034-1 : iceweasel - security update
2014-09-26 00:00:00
RHEL 5 / 6 / 7 : nss (RHSA-2014:1307)
2014-09-26 00:00:00
debian
debian
[SECURITY] [DSA 3033-1] nss security update
2014-09-25 00:23:40
[SECURITY] [DSA 3037-1] icedove security update
2014-09-26 19:31:43
[SECURITY] [DSA 3034-1] iceweasel security update
2014-09-25 06:25:14
osv
osv
nss - security update
2014-09-25 00:00:00
CVE-2018-16253
2018-11-07 20:29:00
CVE-2018-16152
2018-09-26 21:29:01
cert
cert
suse
suse
Security update for mozilla-nss (important)
2014-10-01 17:04:53
NSS update to avoid signature forgery (critical)
2014-09-28 12:04:18
Security update for mozilla-nss (important)
2014-09-30 01:04:19
prion
prion
Design/Logic Flaw
2014-09-25 17:55:00
Design/Logic Flaw
2018-09-26 21:29:00
Code injection
2018-11-07 20:29:00
centos
centos
nss security update
2014-09-26 11:29:24
mozilla
mozilla
RSA Signature Forgery in NSS — Mozilla
2014-09-24 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2014-09-24 00:00:00
NSS vulnerability
2014-09-24 00:00:00
Thunderbird vulnerabilities
2014-09-24 00:00:00
cve
cve
checkpoint_advisories
checkpoint_advisories
Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)
2014-10-19 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: nss-softokn-3.17.1-2.fc21
2014-09-29 04:00:06
[SECURITY] Fedora 21 Update: nss-3.17.1-1.fc21
2014-09-29 04:00:07
[SECURITY] Fedora 21 Update: nss-util-3.17.1-1.fc21
2014-09-29 04:00:07
redhat
redhat
(RHSA-2014:1371) Important: nss security update
2014-10-10 00:00:00
(RHSA-2014:1307) Important: nss security update
2014-09-26 00:00:00
(RHSA-2014:1354) Critical: rhev-hypervisor6 security update
2014-10-02 00:00:00
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2014-1568
2014-09-24 00:00:00
CVE-2018-16152
2018-09-24 00:00:00
freebsd
freebsd
NSS -- RSA Signature Forgery
2014-09-23 00:00:00
chromium -- RSA signature malleability in NSS
2014-09-24 00:00:00
amazon
amazon
Important: nss-util
2014-10-01 16:32:00
Important: nss-softokn
2014-10-01 16:32:00
Important: nss
2014-10-01 16:32:00
veracode
veracode
Spoofable RSA Signatures
2019-01-15 09:01:59
archlinux
archlinux
NSS: Signature forgery attack
2014-09-24 00:00:00
mageia
mageia
Updated nss packages fix CVE-2014-1568
2014-09-26 19:55:04
oraclelinux
oraclelinux
nss security update
2014-09-26 00:00:00
nss, nss-util, and nss-softokn security, bug fix, and enhancement update
2014-12-02 00:00:00
chrome
chrome
Stable Channel Update
2014-09-24 00:00:00
nvd
nvd
debiancve
debiancve
CVE-2018-16152
2018-09-26 21:29:01
CVE-2018-16253
2018-11-07 20:29:00
redhatcve
redhatcve
CVE-2018-16152
2018-10-03 20:20:39
alpinelinux
alpinelinux
CVE-2018-16152
2018-09-26 21:29:01
ibm
ibm
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-04-17 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-01-25 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.038
Percentile
91.9%
Related for DEBIANCVE:CVE-2014-1568