PT-2015-2630 · Mozilla+5 · Firefox+7

Tsmith

+1

·

Published

2015-11-03

·

Updated

2024-12-12

·

CVE-2015-7181

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions prior to 3.19.2.1 Mozilla Network Security Services (NSS) versions 3.20.x prior to 3.20.1 Firefox versions prior to 42.0 Firefox ESR 38.x versions prior to 38.4
Description The issue is related to the sec asn1d parse leaf function, which improperly restricts access to a data structure. This can be exploited by remote attackers using crafted OCTET STRING data, potentially leading to a denial of service or execution of arbitrary code. The problem is described as a "use-after-poison" issue and is also related to a buffer overflow.
Recommendations For Mozilla Network Security Services (NSS) versions prior to 3.19.2.1, update to version 3.19.2.1 or later. For Mozilla Network Security Services (NSS) versions 3.20.x prior to 3.20.1, update to version 3.20.1 or later. For Firefox versions prior to 42.0, update to version 42.0 or later. For Firefox ESR 38.x versions prior to 38.4, update to version 38.4 or later.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2015-1973
ALT-PU-2015-1974
ALT-PU-2016-1454
BDU:2015-11995
CESA-2015_1981
CVE-2015-7181
DLA-354-1
DLA-480-1
DSA-3393-1
DSA-3410-1
DSA-3688-1
MGASA-2015-0427
OPENSUSE-SU-2015_1942-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10218-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10451-1
OPENSUSE-SU-2024:14572-1
RHSA-2015:1980
RHSA-2015:1981
RHSA-2015:2068
RHSA-2015_1980
RHSA-2015_1981
SUSE-SU-2015:1926-1
SUSE-SU-2015:1978-1
SUSE-SU-2015:1981-1
USN-2785-1
USN-2791-1
USN-2819-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Network Security Services
Red Hat
Suse
Ubuntu