Buffer overflow in Aol Instant_messenger

CVE-2009-2404

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers t…

Vulnerability class: Buffer Overflow

EPSS: 0.042 (89.5th percentile) — read the EPSS interpretation.

Affected products

Aol Instant_messenger
Gnome Evolution
Mozilla Firefox
Mozilla Network_security_services — versions 3.12.3
Mozilla Seamonkey
Mozilla Thunderbird
Pidgin
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (US Government Resource, x_refsource_CERT, third-party-advisory)
secalert@redhat.com (signature, x_refsource_OVAL, vdb-entry)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (signature, x_refsource_OVAL, vdb-entry)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)