9.8
CVE-2015-7182
- EPSS 10.24%
- Veröffentlicht 05.11.2015 05:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Traffic Director Version11.1.1.7.0
Oracle ≫ Traffic Director Version11.1.1.9.0
Oracle ≫ Iplanet Web Proxy Server Version4.0
Oracle ≫ Glassfish Server Version2.1.1
Mozilla ≫ Network Security Services Version <= 3.19.2.0
Mozilla ≫ Network Security Services Version3.20.0
Oracle ≫ Iplanet Web Server Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.24% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/91787
https://security.gentoo.org/glsa/201512-10
https://security.gentoo.org/glsa/201605-06
http://www.debian.org/security/2016/dsa-3688
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://www.debian.org/security/2015/dsa-3410
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html
http://www.debian.org/security/2015/dsa-3393
http://www.securitytracker.com/id/1034069
http://www.ubuntu.com/usn/USN-2785-1
http://www.ubuntu.com/usn/USN-2819-1
http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html
http://rhn.redhat.com/errata/RHSA-2015-1980.html
http://rhn.redhat.com/errata/RHSA-2015-1981.html
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html
http://www.securityfocus.com/bid/77416
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753
http://www.ubuntu.com/usn/USN-2791-1
https://bto.bluecoat.com/security-advisory/sa119
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
https://bugzilla.mozilla.org/show_bug.cgi?id=1202868