PT-2017-2615 · Mozilla+5 · NSS+5

Ronald Crane · Published 2017-04-19 · Updated 2024-12-12 · CVE-2017-5461

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mozilla Network Security Services (NSS) versions 3.21.4 and earlier, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1

Description

The issue is an out-of-bounds memory write caused by incorrect base64 decoding operations. A remote attacker can exploit it with a specially crafted certificate, potentially leading to a denial of service or other unspecified impact.

Recommendations

For versions 3.21.4 and earlier, update to version 3.21.4 or later. For versions 3.22.x through 3.28.x, update to version 3.28.4 or later. For versions 3.29.x, update to version 3.29.5 or later. For versions 3.30.x, update to version 3.30.1 or later.

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1505
ALT-PU-2017-1506
ALT-PU-2017-1553
ALT-PU-2017-1577
ALT-PU-2017-1885
BDU:2017-01833
CESA-2017_1100
CVE-2017-5461
DLA-906-1
DLA-946-1
DSA-3831-1
DSA-3872-1
MGASA-2017-0118
MGASA-2018-0018
OPENSUSE-SU-2017:1268-1
OPENSUSE-SU-2017_1099-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2017:1100
RHSA-2017:1101
RHSA-2017:1102
RHSA-2017:1103
RHSA-2017_1100
RHSA-2017_1101
SUSE-SU-2017:1175-1
SUSE-SU-2017:1248-1
SUSE-SU-2017:1669-1
SUSE-SU-2017:2235-1
USN-3260-1
USN-3260-2
USN-3270-1
USN-3278-1
USN-3372-1

Affected Products

Alt Linux
CentOS
NSS
Red Hat
SUSE
Ubuntu