CVE-2013-5605
nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
Servicios de seguridad de red Mozilla (NSS) 3.14 antes de 3.14.5 y 3.15 antes de 3.15.3 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de paquetes handshake no válidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-08-26 CVE Reserved
- 2013-11-16 CVE Published
- 2023-06-29 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (30)
| URL | Tag | Source |
|---|---|---|
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 | X_refsource_confirm | |
| http://seclists.org/fulldisclosure/2014/Dec/23 | Mailing List |
|
| http://www.mozilla.org/security/announce/2013/mfsa2013-103.html | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/534161/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/63738 | Vdb Entry | |
| http://www.vmware.com/security/advisories/VMSA-2014-0012.html | X_refsource_confirm | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=934016 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://developer.mozilla.org/docs/NSS/NSS_3.14.5_release_notes | 2018-10-09 | |
| https://developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes | 2018-10-09 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html | 2018-10-09 | |
| http://lists.opensuse.org/opensuse-updates/2013-11/msg00078.html | 2018-10-09 | |
| http://lists.opensuse.org/opensuse-updates/2013-11/msg00080.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1791.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1829.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1840.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2013-1841.html | 2018-10-09 | |
| http://rhn.redhat.com/errata/RHSA-2014-0041.html | 2018-10-09 | |
| http://security.gentoo.org/glsa/glsa-201406-19.xml | 2018-10-09 | |
| http://www.debian.org/security/2013/dsa-2800 | 2018-10-09 | |
| http://www.ubuntu.com/usn/USN-2030-1 | 2018-10-09 | |
| http://www.ubuntu.com/usn/USN-2031-1 | 2018-10-09 | |
| http://www.ubuntu.com/usn/USN-2032-1 | 2018-10-09 | |
| https://security.gentoo.org/glsa/201504-01 | 2018-10-09 | |
| https://access.redhat.com/security/cve/CVE-2013-5605 | 2014-01-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1030807 | 2014-01-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14 Search vendor "Mozilla" for product "Network Security Services" and version "3.14" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.3 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.14.4 Search vendor "Mozilla" for product "Network Security Services" and version "3.14.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.15 Search vendor "Mozilla" for product "Network Security Services" and version "3.15" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.15.1 Search vendor "Mozilla" for product "Network Security Services" and version "3.15.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.15.2 Search vendor "Mozilla" for product "Network Security Services" and version "3.15.2" | - |
Affected
| ||||||