CVE-2013-5605
nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
Severity Score
Exploit Likelihood
Affected Versions
8Public Exploits
0Exploited in Wild
-Decision
Descriptions
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
Servicios de seguridad de red Mozilla (NSS) 3.14 antes de 3.14.5 y 3.15 antes de 3.15.3 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de paquetes handshake no válidos.
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-08-26 CVE Reserved
- 2013-11-16 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (30)
| URL | Tag | Source |
|---|---|---|
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | X_refsource_confirm | |
| http://seclists.org/fulldisclosure/2014/Dec/23 | Mailing List |
|
| http://www.mozilla.org/security/announce/2013/mfsa2013-103.html | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/cpujan2015-197... | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujan2016-236... | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujul2014-197... | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpuoct2014-197... | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/ovmbulletinjul... | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/534161/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/63738 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2013-... | 2018-10-09 | |
| http://lists.opensuse.org/opensuse-updates/2013-11/msg0007... | 2018-10-09 | |
| http://lists.opensuse.org/opensuse-updates/2013-11/msg0008... | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1791.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1829.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1840.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1841.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2014-0041.html | 2018-10-09 | |
| http://security.gentoo.org/glsa/glsa-201406-19.xml | 2018-10-09 | |
| http://www.debian.org/security/2013/dsa-2800 | 2018-10-09 |