9.3

CVE-2009-2404

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaNetwork Security Services Version3.12.3
   AolInstant Messenger
   GnomeEvolution
   MozillaFirefox
   MozillaSeamonkey
   MozillaThunderbird
   PidginPidgin
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.16% 0.896
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/39428
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
US Government Resource
http://secunia.com/advisories/36088
Vendor Advisory
http://secunia.com/advisories/36125
Vendor Advisory
http://secunia.com/advisories/36139
Vendor Advisory
http://secunia.com/advisories/36157
Vendor Advisory
http://secunia.com/advisories/36434
http://secunia.com/advisories/37098
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1
http://www.debian.org/security/2009/dsa-1874
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
http://www.redhat.com/support/errata/RHSA-2009-1207.html
http://www.ubuntu.com/usn/usn-810-1
http://www.vupen.com/english/advisories/2009/2085
Patch
Vendor Advisory
https://usn.ubuntu.com/810-2/
http://rhn.redhat.com/errata/RHSA-2009-1185.html
http://secunia.com/advisories/36102
Vendor Advisory
http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf
http://www.mozilla.org/security/announce/2009/mfsa2009-43.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35891
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=512912
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658