// For flags

CVE-2015-7182

nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

Desbordamiento de buffer basado en memoria dinámica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de datos OCTET STRING manipulados.

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-09-16 CVE Reserved
  • 2015-11-04 CVE Published
  • 2024-07-12 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122: Heap-based Buffer Overflow
CAPEC
References (37)
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html 2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html 2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html 2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html 2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html 2017-11-04
http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html 2017-11-04
http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html 2017-11-04
http://rhn.redhat.com/errata/RHSA-2015-1980.html 2017-11-04
http://rhn.redhat.com/errata/RHSA-2015-1981.html 2017-11-04
http://www.debian.org/security/2015/dsa-3393 2017-11-04
http://www.debian.org/security/2015/dsa-3410 2017-11-04
http://www.debian.org/security/2016/dsa-3688 2017-11-04
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html 2017-11-04
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753 2017-11-04
http://www.ubuntu.com/usn/USN-2785-1 2017-11-04
http://www.ubuntu.com/usn/USN-2791-1 2017-11-04
http://www.ubuntu.com/usn/USN-2819-1 2017-11-04
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes 2017-11-04
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes 2017-11-04
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes 2017-11-04
https://security.gentoo.org/glsa/201512-10 2017-11-04
https://security.gentoo.org/glsa/201605-06 2017-11-04
https://access.redhat.com/security/cve/CVE-2015-7182 2015-11-18
https://bugzilla.redhat.com/show_bug.cgi?id=1269351 2015-11-18
https://access.redhat.com/articles/2043623 2015-11-18
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
Traffic Director
Search vendor "Oracle" for product "Traffic Director"
11.1.1.7.0
Search vendor "Oracle" for product "Traffic Director" and version "11.1.1.7.0"
-
Affected
Oracle
Search vendor "Oracle"
Traffic Director
Search vendor "Oracle" for product "Traffic Director"
11.1.1.9.0
Search vendor "Oracle" for product "Traffic Director" and version "11.1.1.9.0"
-
Affected
Oracle
Search vendor "Oracle"
Opensso
Search vendor "Oracle" for product "Opensso"
3.0-0.7
Search vendor "Oracle" for product "Opensso" and version "3.0-0.7"
-
Affected
Oracle
Search vendor "Oracle"
Iplanet Web Proxy Server
Search vendor "Oracle" for product "Iplanet Web Proxy Server"
4.0
Search vendor "Oracle" for product "Iplanet Web Proxy Server" and version "4.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.0
Search vendor "Mozilla" for product "Firefox Esr" and version "38.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.0.1
Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.0.5
Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.1.0
Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.1.1
Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.2.0
Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.2.1
Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
38.3.0
Search vendor "Mozilla" for product "Firefox Esr" and version "38.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Glassfish Server
Search vendor "Oracle" for product "Glassfish Server"
2.1.1
Search vendor "Oracle" for product "Glassfish Server" and version "2.1.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Network Security Services
Search vendor "Mozilla" for product "Network Security Services"
<= 3.19.2.0
Search vendor "Mozilla" for product "Network Security Services" and version " <= 3.19.2.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Network Security Services
Search vendor "Mozilla" for product "Network Security Services"
3.20.0
Search vendor "Mozilla" for product "Network Security Services" and version "3.20.0"
-
Affected
Oracle
Search vendor "Oracle"
Iplanet Web Server
Search vendor "Oracle" for product "Iplanet Web Server"
7.0
Search vendor "Oracle" for product "Iplanet Web Server" and version "7.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
<= 41.0.2
Search vendor "Mozilla" for product "Firefox" and version " <= 41.0.2"
-
Affected