Lucene search

K

[email protected]NVD:CVE-2013-0791

HistoryApr 03, 2013 - 11:56 a.m.

CVE-2013-0791

2013-04-0311:56:21

CWE-119

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.6 Medium

AI Score

Confidence

High

0.069 Low

EPSS

Percentile

94.0%

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

Affected configurations

NVD

Node

mozillafirefoxRange≤20.0

OR

mozillafirefox_esrRange17.0–17.0.5

OR

mozillanetwork_security_servicesRange<3.15

OR

mozillaseamonkeyRange<2.17

OR

mozillathunderbirdRange<17.0.5

OR

mozillathunderbird_esrRange17.0–17.0.5

Node

canonicalubuntu_linuxMatch10.04-

OR

canonicalubuntu_linuxMatch11.10

OR

canonicalubuntu_linuxMatch12.04-

OR

canonicalubuntu_linuxMatch12.10

Node

oraclevm_serverMatch3.2x86

Node

redhatenterprise_linux_desktopMatch5.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_eusMatch5.9

OR

redhatenterprise_linux_serverMatch5.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_server_ausMatch5.9

OR

redhatenterprise_linux_workstationMatch5.0

OR

redhatenterprise_linux_workstationMatch6.0

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html

rhn.redhat.com/errata/RHSA-2013-1135.html

rhn.redhat.com/errata/RHSA-2013-1144.html

www.mozilla.org/security/announce/2013/mfsa2013-40.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/58826

www.ubuntu.com/usn/USN-1791-1

bugzilla.mozilla.org/show_bug.cgi?id=629816

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.6 Medium

AI Score

Confidence

High

0.069 Low

EPSS

Percentile

94.0%

Related for NVD:CVE-2013-0791

veracode2 prion1 debiancve1 mozilla1 cvelist1 cve1 ubuntucve1 openvas49 centos2 amazon2 nessus39 oraclelinux2 redhat3 ubuntu3 suse7 vmware1 securityvulns1 freebsd1 gentoo1