PT-2017-2615 · Mozilla+5 · Nss+5

Ronald Crane

Publicado

2017-04-19

Atualizado

2024-12-12

CVE-2017-5461

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions 3.21.4 and earlier, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1

Description The issue is caused by an out-of-bounds write in the memory due to incorrect base64 decoding operations. This can be exploited by a remote attacker using a specially crafted certificate, potentially leading to a denial of service or other unspecified impacts.

Recommendations For versions 3.21.4 and earlier, update to version 3.21.4 or later. For versions 3.22.x through 3.28.x, update to version 3.28.4 or later. For versions 3.29.x, update to version 3.29.5 or later. For versions 3.30.x, update to version 3.30.1 or later.

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2017-1505

ALT-PU-2017-1506

ALT-PU-2017-1553

ALT-PU-2017-1577

ALT-PU-2017-1885

BDU:2017-01833

CESA-2017_1100

CVE-2017-5461

DLA-906-1

DLA-946-1

DSA-3831-1

DSA-3872-1

MGASA-2017-0118

MGASA-2018-0018

OPENSUSE-SU-2017:1268-1

OPENSUSE-SU-2017_1099-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10601-1

OPENSUSE-SU-2024:14572-1

RHSA-2017:1100

RHSA-2017:1101

RHSA-2017:1102

RHSA-2017:1103

RHSA-2017_1100

RHSA-2017_1101

SUSE-SU-2017:1175-1

SUSE-SU-2017:1248-1

SUSE-SU-2017:1669-1

SUSE-SU-2017:2235-1

USN-3260-1

USN-3260-2

USN-3270-1

USN-3278-1

USN-3372-1

Produtos afetados

Alt Linux

Centos

Nss

Red Hat

Suse

Ubuntu

PT-2017-2615 · Mozilla+5 · Nss+5

CVE-2017-5461

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2106