csaf_redhat - rhsa-2017

rhsa-2017_1101

Vulnerability from csaf_redhat

Published

2017-04-20 02:17

Modified

2024-11-05 19:59

Summary

Red Hat Security Advisory: nss security update

Notes

Topic

An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.\n\nSecurity Fix(es):\n\n* An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:1101",
        "url": "https://access.redhat.com/errata/RHSA-2017:1101"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "1440080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1440080"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1101.json"
      }
    ],
    "title": "Red Hat Security Advisory: nss security update",
    "tracking": {
      "current_release_date": "2024-11-05T19:59:13+00:00",
      "generator": {
        "date": "2024-11-05T19:59:13+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2017:1101",
      "initial_release_date": "2017-04-20T02:17:09+00:00",
      "revision_history": [
        {
          "date": "2017-04-20T02:17:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-04-20T02:17:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T19:59:13+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 5 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 5 ELS)",
                  "product_id": "5Server-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_els:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-tools-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-tools-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-tools-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-tools@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-tools-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-tools-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-tools-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-tools@3.21.4-1.el5_11?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-tools-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-tools-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-tools-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-tools@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.src",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.src",
                  "product_id": "nss-0:3.21.4-1.el5_11.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.src as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.src"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.src",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-tools-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-tools-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-tools-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-tools-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-tools-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-tools-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Mozilla project"
          ]
        },
        {
          "names": [
            "Ronald Crane"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2017-5461",
      "discovery_date": "2017-04-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1440080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The security flaw exists in NSS library Base64 encoder/decoder code. Any application which uses NSS library to parse base64 encoded data could possibly be affected by the flaw. For example:\n\n1. Servers compiled against NSS which parse untrusted certificates or any other base64 encoded data from its users.\n\n2. Utilities like curl etc which use NSS to parse user provided base64 encoded certificates.\n\n3. Applications like Firefox which use NSS to parse client-certificates before passing them to the web server.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-ELS:nss-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.src",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#1440080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1440080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5461"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
        }
      ],
      "release_date": "2017-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-04-20T02:17:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.",
          "product_ids": [
            "5Server-ELS:nss-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.src",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1101"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "5Server-ELS:nss-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.src",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)"
    }
  ]
}

cve-2017-5461

Vulnerability from cvelistv5

Published

2017-05-11 01:00

Modified

2024-08-05 15:04

Severity ?

Summary

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201705-04	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/98050	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:1103	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2017/dsa-3831	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:1100	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1102	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1101	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2017/dsa-3872	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1038320	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes	x_refsource_CONFIRM
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes	x_refsource_CONFIRM
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes	x_refsource_CONFIRM
	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes	x_refsource_CONFIRM
	https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461	x_refsource_CONFIRM
	https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461	x_refsource_CONFIRM
	https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1344380	x_refsource_CONFIRM
	https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	Mozilla	Thunderbird
	Mozilla	Firefox ESR
	Mozilla	Firefox

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:14.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201705-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201705-04"
          },
          {
            "name": "98050",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98050"
          },
          {
            "name": "RHSA-2017:1103",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1103"
          },
          {
            "name": "DSA-3831",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3831"
          },
          {
            "name": "RHSA-2017:1100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1100"
          },
          {
            "name": "RHSA-2017:1102",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1102"
          },
          {
            "name": "RHSA-2017:1101",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1101"
          },
          {
            "name": "DSA-3872",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3872"
          },
          {
            "name": "1038320",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "52.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "53",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write in Base64 encoding in NSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:05",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "GLSA-201705-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201705-04"
        },
        {
          "name": "98050",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98050"
        },
        {
          "name": "RHSA-2017:1103",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1103"
        },
        {
          "name": "DSA-3831",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3831"
        },
        {
          "name": "RHSA-2017:1100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1100"
        },
        {
          "name": "RHSA-2017:1102",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1102"
        },
        {
          "name": "RHSA-2017:1101",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1101"
        },
        {
          "name": "DSA-3872",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3872"
        },
        {
          "name": "1038320",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5461",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.9"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "52.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "53"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds write in Base64 encoding in NSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201705-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201705-04"
            },
            {
              "name": "98050",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98050"
            },
            {
              "name": "RHSA-2017:1103",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1103"
            },
            {
              "name": "DSA-3831",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3831"
            },
            {
              "name": "RHSA-2017:1100",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1100"
            },
            {
              "name": "RHSA-2017:1102",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1102"
            },
            {
              "name": "RHSA-2017:1101",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1101"
            },
            {
              "name": "DSA-3872",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3872"
            },
            {
              "name": "1038320",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038320"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"
            },
            {
              "name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"
            },
            {
              "name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
            },
            {
              "name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"
            },
            {
              "name": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5461",
    "datePublished": "2017-05-11T01:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T15:04:14.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted