Vulnerability in Mozilla Network Security Services (NSS)
CVE-2014-1569
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remot…
EPSS: 0.036 (88.1th percentile)
Affected products
- Mozilla Network Security Services — versions 3.16.2.0, 3.16.2.1, 3.16.2.2
References
- security@mozilla.org (x_refsource_CONFIRM, Exploit)
- openSUSE-SU-2015:0138 (vendor-advisory, x_refsource_SUSE)
- security@mozilla.org (x_refsource_CONFIRM)
- security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
- security@mozilla.org (Exploit, x_refsource_MISC)
- 1032909 (vdb-entry, x_refsource_SECTRACK)
- SUSE-SU-2015:0173 (vendor-advisory, x_refsource_SUSE)
- SUSE-SU-2015:0171 (vendor-advisory, x_refsource_SUSE)