What is CVE-2018-18508?

CVE-2018-18508 is a vulnerability in Mozilla Nss. Published 2020-10-22.

Is CVE-2018-18508 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Nss

CVE-2018-18508

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

EPSS: 0.004 (63.2th percentile) — read the EPSS interpretation.

Affected products

Mozilla Nss — versions unspecified

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes (x_refsource_MISC)
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes (x_refsource_MISC)
cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf (x_refsource_CONFIRM)
us-cert.cisa.gov/ics/advisories/icsa-21-040-04 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-18508?: CVE-2018-18508 is a vulnerability in Mozilla Nss. Published 2020-10-22.
Is CVE-2018-18508 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.