CVE-2017-5461
nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
Los servicios de Seguridad de Red de Mozilla (Network Security Services o NSS) en versiones anteriores a la 3.21.4, versiones de las 3.22.x a las 3.28.x anteriores a la 3.28.4, versiones 3.29.x anteriores a la 3.29.5 y versiones 3.30.x anteriores a la 3.30.1 permiten que atacantes remotos provoquen una denegación de servicio (escritura fuera de límites) o que, probablemente, causen otro impacto no especificado aprovechando operaciones en base64 incorrectas.
An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-13 CVE Reserved
- 2017-04-20 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/98050 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038320 | Third Party Advisory | |
| https://www.oracle.com//security-alerts/cpujul2021.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3831 | 2021-07-20 | |
| http://www.debian.org/security/2017/dsa-3872 | 2021-07-20 | |
| http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | 2021-07-20 | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | 2021-07-20 | |
| https://access.redhat.com/errata/RHSA-2017:1100 | 2021-07-20 | |
| https://access.redhat.com/errata/RHSA-2017:1101 | 2021-07-20 | |
| https://access.redhat.com/errata/RHSA-2017:1102 | 2021-07-20 | |
| https://access.redhat.com/errata/RHSA-2017:1103 | 2021-07-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | < 3.21.4 Search vendor "Mozilla" for product "Network Security Services" and version " < 3.21.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | > 3.22 < 3.28.4 Search vendor "Mozilla" for product "Network Security Services" and version " > 3.22 < 3.28.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | >= 3.29 < 3.29.5 Search vendor "Mozilla" for product "Network Security Services" and version " >= 3.29 < 3.29.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | >= 3.30 < 3.30.1 Search vendor "Mozilla" for product "Network Security Services" and version " >= 3.30 < 3.30.1" | - |
Affected
| ||||||