CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
89.8%
The definite_length_decoder function in lib/util/quickder.c in Mozilla
Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3
does not ensure that the DER encoding of an ASN.1 length is properly
formed, which allows remote attackers to conduct data-smuggling attacks by
using a long byte sequence for an encoding, as demonstrated by the
SEC_QuickDERDecodeItem function’s improper handling of an arbitrary-length
encoding of 0x00.
www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes
launchpad.net/bugs/cve/CVE-2014-1569
nvd.nist.gov/vuln/detail/CVE-2014-1569
security-tracker.debian.org/tracker/CVE-2014-1569
ubuntu.com/security/notices/USN-2452-1
www.cve.org/CVERecord?id=CVE-2014-1569
www.imperialviolet.org/2014/09/26/pkcs1.html
www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02