
RVD#1449: OoB Write will cause Mozilla Network Security Services to crash on various iterations from 3.21.4 to 3.30.1

Open glerapic opened this issue 5 years ago • 0 comments

{
    "id": 1449,
    "title": "RVD#1449: OoB Write will cause Mozilla Network Security Services to crash on various iterations from 3.21.4 to 3.30.1",
    "type": "vulnerability",
    "description": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",
    "cwe": "CWE-787",
    "cve": "CVE-2017-5461",
    "keywords": "triage",
    "system": "URx",
    "vendor": "Universal Robots",
    "severity": {
        "rvss-score": 9.8,
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:U/S:U/C:H/I:H/A:H/H:N",
        "severity-description": "Critical",
        "cvss-score": 9.8,
        "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    },
    "links": [
        "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5461",
        "https://github.com/aliasrobotics/RVD/issues/1449"
    ],
    "flaw": {
        "phase": "explotation",
        "specificity": "N/A",
        "architectural-location": "internal",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "libnss3 2:3.14.5-1+deb7u3 i386",
        "languages": "None",
        "date-detected": null,
        "detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
        "detected-by-method": "N/A",
        "date-reported": "2020-04-02",
        "reported-by": "Alias Robotics S.L.",
        "reported-by-relationship": "Security researcher",
        "issue": "https://github.com/aliasrobotics/RVD/issues/1449",
        "reproducibility": "Always",
        "trace": "N/A",
        "reproduction": "Not available",
        "reproduction-image": "Not available"
    },
    "exploitation": {
        "description": "An incorrect base64 operation in NSS can trigger an out-of-bounds write, causing NSS to crash (denial of service); the CVE description also allows for possible unspecified other impact",
        "exploitation-image": "Not available",
        "exploitation-vector": "Not available"
    },
    "mitigation": {
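        "description": "Upgrade libnss3 to a package build that includes the fix for CVE-2017-5461: sudo apt-get --assume-yes install --only-upgrade libnss3 (refresh the package index first and verify the installed libnss3 version afterwards; the command only helps if the configured repository provides a patched build)",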
        "pull-request": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380",
        "date-mitigation": null
    }
}

glerapic avatar Apr 02 '20 08:04 glerapic