CVE-2015-7182
nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
Desbordamiento de buffer basado en memoria dinámica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de datos OCTET STRING manipulados.
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-09-16 CVE Reserved
- 2015-11-04 CVE Published
- 2024-07-12 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (37)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html | X_refsource_misc |
|
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/77416 | Vdb Entry | |
| http://www.securityfocus.com/bid/91787 | Vdb Entry | |
| http://www.securitytracker.com/id/1034069 | Vdb Entry | |
| https://bto.bluecoat.com/security-advisory/sa119 | X_refsource_confirm | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1202868 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | 2017-11-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Traffic Director Search vendor "Oracle" for product "Traffic Director" | 11.1.1.7.0 Search vendor "Oracle" for product "Traffic Director" and version "11.1.1.7.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Traffic Director Search vendor "Oracle" for product "Traffic Director" | 11.1.1.9.0 Search vendor "Oracle" for product "Traffic Director" and version "11.1.1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Opensso Search vendor "Oracle" for product "Opensso" | 3.0-0.7 Search vendor "Oracle" for product "Opensso" and version "3.0-0.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Iplanet Web Proxy Server Search vendor "Oracle" for product "Iplanet Web Proxy Server" | 4.0 Search vendor "Oracle" for product "Iplanet Web Proxy Server" and version "4.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.5 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.3.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Glassfish Server Search vendor "Oracle" for product "Glassfish Server" | 2.1.1 Search vendor "Oracle" for product "Glassfish Server" and version "2.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | <= 3.19.2.0 Search vendor "Mozilla" for product "Network Security Services" and version " <= 3.19.2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | 3.20.0 Search vendor "Mozilla" for product "Network Security Services" and version "3.20.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Iplanet Web Server Search vendor "Oracle" for product "Iplanet Web Server" | 7.0 Search vendor "Oracle" for product "Iplanet Web Server" and version "7.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 41.0.2 Search vendor "Mozilla" for product "Firefox" and version " <= 41.0.2" | - |
Affected
| ||||||