Vulnerability Details CVE-2017-5461
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.debian.org/security/2017/dsa-3831
- http://www.debian.org/security/2017/dsa-3872
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/98050
- http://www.securitytracker.com/id/1038320
- https://access.redhat.com/errata/RHSA-2017:1100
- https://access.redhat.com/errata/RHSA-2017:1101
- https://access.redhat.com/errata/RHSA-2017:1102
- https://access.redhat.com/errata/RHSA-2017:1103
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
- https://security.gentoo.org/glsa/201705-04
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
- https://www.oracle.com//security-alerts/cpujul2021.html
- http://www.debian.org/security/2017/dsa-3831
- http://www.debian.org/security/2017/dsa-3872
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/98050
- http://www.securitytracker.com/id/1038320
- https://access.redhat.com/errata/RHSA-2017:1100
- https://access.redhat.com/errata/RHSA-2017:1101
- https://access.redhat.com/errata/RHSA-2017:1102
- https://access.redhat.com/errata/RHSA-2017:1103
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
- https://security.gentoo.org/glsa/201705-04
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
- https://www.oracle.com//security-alerts/cpujul2021.html
Products affected by CVE-2017-5461
-
cpe:2.3:a:mozilla:network_security_services:-
-
cpe:2.3:a:mozilla:network_security_services:3.1
-
cpe:2.3:a:mozilla:network_security_services:3.1.1
-
cpe:2.3:a:mozilla:network_security_services:3.10
-
cpe:2.3:a:mozilla:network_security_services:3.10.1
-
cpe:2.3:a:mozilla:network_security_services:3.10.2
-
cpe:2.3:a:mozilla:network_security_services:3.11
-
cpe:2.3:a:mozilla:network_security_services:3.11.1
-
cpe:2.3:a:mozilla:network_security_services:3.11.10
-
cpe:2.3:a:mozilla:network_security_services:3.11.2
-
cpe:2.3:a:mozilla:network_security_services:3.11.3
-
cpe:2.3:a:mozilla:network_security_services:3.11.4
-
cpe:2.3:a:mozilla:network_security_services:3.11.5
-
cpe:2.3:a:mozilla:network_security_services:3.11.6
-
cpe:2.3:a:mozilla:network_security_services:3.11.7
-
cpe:2.3:a:mozilla:network_security_services:3.11.8
-
cpe:2.3:a:mozilla:network_security_services:3.11.9
-
cpe:2.3:a:mozilla:network_security_services:3.12
-
cpe:2.3:a:mozilla:network_security_services:3.12.1
-
cpe:2.3:a:mozilla:network_security_services:3.12.10
-
cpe:2.3:a:mozilla:network_security_services:3.12.11
-
cpe:2.3:a:mozilla:network_security_services:3.12.2
-
cpe:2.3:a:mozilla:network_security_services:3.12.3
-
cpe:2.3:a:mozilla:network_security_services:3.12.3.1
-
cpe:2.3:a:mozilla:network_security_services:3.12.3.2
-
cpe:2.3:a:mozilla:network_security_services:3.12.4
-
cpe:2.3:a:mozilla:network_security_services:3.12.5
-
cpe:2.3:a:mozilla:network_security_services:3.12.6
-
cpe:2.3:a:mozilla:network_security_services:3.12.7
-
cpe:2.3:a:mozilla:network_security_services:3.12.8
-
cpe:2.3:a:mozilla:network_security_services:3.12.9
-
cpe:2.3:a:mozilla:network_security_services:3.14
-
cpe:2.3:a:mozilla:network_security_services:3.14.1
-
cpe:2.3:a:mozilla:network_security_services:3.14.2
-
cpe:2.3:a:mozilla:network_security_services:3.14.3
-
cpe:2.3:a:mozilla:network_security_services:3.14.4
-
cpe:2.3:a:mozilla:network_security_services:3.14.5
-
cpe:2.3:a:mozilla:network_security_services:3.15
-
cpe:2.3:a:mozilla:network_security_services:3.15.1
-
cpe:2.3:a:mozilla:network_security_services:3.15.2
-
cpe:2.3:a:mozilla:network_security_services:3.15.3
-
cpe:2.3:a:mozilla:network_security_services:3.15.3.1
-
cpe:2.3:a:mozilla:network_security_services:3.15.4
-
cpe:2.3:a:mozilla:network_security_services:3.15.5
-
cpe:2.3:a:mozilla:network_security_services:3.16
-
cpe:2.3:a:mozilla:network_security_services:3.16.1
-
cpe:2.3:a:mozilla:network_security_services:3.16.2
-
cpe:2.3:a:mozilla:network_security_services:3.16.2.1
-
cpe:2.3:a:mozilla:network_security_services:3.16.2.2
-
cpe:2.3:a:mozilla:network_security_services:3.16.2.3
-
cpe:2.3:a:mozilla:network_security_services:3.16.3
-
cpe:2.3:a:mozilla:network_security_services:3.16.4
-
cpe:2.3:a:mozilla:network_security_services:3.16.5
-
cpe:2.3:a:mozilla:network_security_services:3.16.6
-
cpe:2.3:a:mozilla:network_security_services:3.17
-
cpe:2.3:a:mozilla:network_security_services:3.17.1
-
cpe:2.3:a:mozilla:network_security_services:3.17.2
-
cpe:2.3:a:mozilla:network_security_services:3.17.3
-
cpe:2.3:a:mozilla:network_security_services:3.17.4
-
cpe:2.3:a:mozilla:network_security_services:3.18
-
cpe:2.3:a:mozilla:network_security_services:3.18.1
-
cpe:2.3:a:mozilla:network_security_services:3.19
-
cpe:2.3:a:mozilla:network_security_services:3.19.1
-
cpe:2.3:a:mozilla:network_security_services:3.19.2
-
cpe:2.3:a:mozilla:network_security_services:3.19.2.0
-
cpe:2.3:a:mozilla:network_security_services:3.19.3
-
cpe:2.3:a:mozilla:network_security_services:3.2
-
cpe:2.3:a:mozilla:network_security_services:3.2.1
-
cpe:2.3:a:mozilla:network_security_services:3.20
-
cpe:2.3:a:mozilla:network_security_services:3.20.0
-
cpe:2.3:a:mozilla:network_security_services:3.20.1
-
cpe:2.3:a:mozilla:network_security_services:3.21
-
cpe:2.3:a:mozilla:network_security_services:3.21.1
-
cpe:2.3:a:mozilla:network_security_services:3.21.2
-
cpe:2.3:a:mozilla:network_security_services:3.21.3
-
cpe:2.3:a:mozilla:network_security_services:3.22.1
-
cpe:2.3:a:mozilla:network_security_services:3.22.2
-
cpe:2.3:a:mozilla:network_security_services:3.23
-
cpe:2.3:a:mozilla:network_security_services:3.24
-
cpe:2.3:a:mozilla:network_security_services:3.25
-
cpe:2.3:a:mozilla:network_security_services:3.25.0
-
cpe:2.3:a:mozilla:network_security_services:3.25.1
-
cpe:2.3:a:mozilla:network_security_services:3.26
-
cpe:2.3:a:mozilla:network_security_services:3.26.0
-
cpe:2.3:a:mozilla:network_security_services:3.26.2
-
cpe:2.3:a:mozilla:network_security_services:3.27
-
cpe:2.3:a:mozilla:network_security_services:3.27.0
-
cpe:2.3:a:mozilla:network_security_services:3.27.1
-
cpe:2.3:a:mozilla:network_security_services:3.27.2
-
cpe:2.3:a:mozilla:network_security_services:3.28
-
cpe:2.3:a:mozilla:network_security_services:3.28.0
-
cpe:2.3:a:mozilla:network_security_services:3.28.1
-
cpe:2.3:a:mozilla:network_security_services:3.28.2
-
cpe:2.3:a:mozilla:network_security_services:3.28.3
-
cpe:2.3:a:mozilla:network_security_services:3.29
-
cpe:2.3:a:mozilla:network_security_services:3.29.1
-
cpe:2.3:a:mozilla:network_security_services:3.29.2
-
cpe:2.3:a:mozilla:network_security_services:3.29.3
-
cpe:2.3:a:mozilla:network_security_services:3.3
-
cpe:2.3:a:mozilla:network_security_services:3.3.1
-
cpe:2.3:a:mozilla:network_security_services:3.3.2
-
cpe:2.3:a:mozilla:network_security_services:3.30
-
cpe:2.3:a:mozilla:network_security_services:3.4
-
cpe:2.3:a:mozilla:network_security_services:3.4.1
-
cpe:2.3:a:mozilla:network_security_services:3.4.2
-
cpe:2.3:a:mozilla:network_security_services:3.4.3
-
cpe:2.3:a:mozilla:network_security_services:3.5
-
cpe:2.3:a:mozilla:network_security_services:3.6
-
cpe:2.3:a:mozilla:network_security_services:3.6.1
-
cpe:2.3:a:mozilla:network_security_services:3.7
-
cpe:2.3:a:mozilla:network_security_services:3.7.1
-
cpe:2.3:a:mozilla:network_security_services:3.7.2
-
cpe:2.3:a:mozilla:network_security_services:3.7.3
-
cpe:2.3:a:mozilla:network_security_services:3.7.5
-
cpe:2.3:a:mozilla:network_security_services:3.7.7
-
cpe:2.3:a:mozilla:network_security_services:3.8
-
cpe:2.3:a:mozilla:network_security_services:3.9
-
cpe:2.3:a:mozilla:network_security_services:3.9.1
-
cpe:2.3:a:mozilla:network_security_services:3.9.2
-
cpe:2.3:a:mozilla:network_security_services:3.9.3
-
cpe:2.3:a:mozilla:network_security_services:3.9.4
-
cpe:2.3:a:mozilla:network_security_services:3.9.5