Lucene search

Veracode Vulnerability DatabaseVERACODE:11964

HistoryJan 15, 2019 - 9:10 a.m.

Arbitrary Code Execution

2019-01-1509:10:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.01 Low

EPSS

Percentile

83.7%

JSON

nss-util is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

CPENameOperatorVersion
nsseq3.12.3.99.3__1.el5_3.2
nsseq3.13.5__8.el5
nsseq3.13.6__3.el5_9
nsseq3.12.10__4.el5_7
nsseq3.12.6__2.el5_5
nsseq3.14.3__18.el5
nsseq3.12.1.1__3.el5
nsseq3.13.1__3.el5_8
nsseq3.12.10__8.el5
nsseq3.11.99.5__2.el5

Name	Operator	Version
nss	eq	3.12.3.99.3__1.el5_3.2
nss	eq	3.13.5__8.el5
nss	eq	3.13.6__3.el5_9
nss	eq	3.12.10__4.el5_7
nss	eq	3.12.6__2.el5_5
nss	eq	3.14.3__18.el5
nss	eq	3.12.1.1__3.el5
nss	eq	3.13.1__3.el5_8
nss	eq	3.12.10__8.el5
nss	eq	3.11.99.5__2.el5

Rows per page:

1-10 of 561

References

lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

rhn.redhat.com/errata/RHSA-2016-0495.html

www.debian.org/security/2016/dsa-3510

www.debian.org/security/2016/dsa-3520

www.debian.org/security/2016/dsa-3688

www.mozilla.org/security/announce/2016/mfsa2016-35.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/84223

www.securitytracker.com/id/1035215

www.ubuntu.com/usn/USN-2917-1

www.ubuntu.com/usn/USN-2917-2

www.ubuntu.com/usn/USN-2917-3

www.ubuntu.com/usn/USN-2924-1

www.ubuntu.com/usn/USN-2934-1

access.redhat.com/security/updates/classification/#critical

bto.bluecoat.com/security-advisory/sa119

bugzilla.mozilla.org/show_bug.cgi?id=1245528

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

rhn.redhat.com/errata/RHSA-2016-0371.html

security.gentoo.org/glsa/201605-06

support.apple.com/HT206166

support.apple.com/HT206167

support.apple.com/HT206168

support.apple.com/HT206169

www.mozilla.org/en-US/security/advisories/mfsa2016-36

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for VERACODE:11964