Out-of-Bounds in nss

Do your applications use this vulnerable package? Test your applications

Overview

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

References

CVE Details
Debian Security Tracker
GENTOO
GENTOO
MLIST
Mozilla Security Advisory
Mozilla Security Advisory
Mozilla Security Advisory
OpenSuse Security Announcement
OpenSuse Security Announcement
REDHAT
RHSA Security Advisory
RedHat Bugzilla Bug
SUSE
SUSE
SUSE
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-11729
CWE: CWE-119
Snyk ID: SNYK-DEBIAN9-NSS-453526
Disclosed: 23 Jul, 2019
Published: 24 Jul, 2019

Out-of-Bounds
Affecting nss package, versions <2:3.26.2-1.1+deb9u2

Overview

References

CVSS Score

Out-of-Bounds Affecting nss package, versions <2:3.26.2-1.1+deb9u2

Overview

References

Out-of-Bounds
Affecting nss package, versions <2:3.26.2-1.1+deb9u2