Out-of-Bounds in nss

Do your applications use this vulnerable package? Test your applications

Overview

The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.

References

Debian Security Tracker
Gentoo Security Advisory
MISC
MISC
Seclists Full Disclosure
Security Focus
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-11697
CWE: CWE-119
Snyk ID: SNYK-DEBIAN10-NSS-421286
Disclosed: 27 Dec, 2017
Published: 27 Dec, 2017

Out-of-Bounds
Affecting nss package, versions *

Overview

References

CVSS Score

Out-of-Bounds Affecting nss package, versions *

Overview

References

Out-of-Bounds
Affecting nss package, versions *