{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "SUSE-SU-2013:0850", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "oval:org.mitre.oval:def:17150", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"}, {"name": "openSUSE-SU-2013:0630", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"name": "RHSA-2013:1135", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"}, {"name": "58826", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58826"}, {"name": "RHSA-2013:1144", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"name": "openSUSE-SU-2013:0631", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"}, {"name": "SUSE-SU-2013:0645", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-0791", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "SUSE-SU-2013:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "oval:org.mitre.oval:def:17150", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"}, {"name": "openSUSE-SU-2013:0630", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"name": "RHSA-2013:1135", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"}, {"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"}, {"name": "58826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58826"}, {"name": "RHSA-2013:1144", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"}, {"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"name": "openSUSE-SU-2013:0631", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"}, {"name": "SUSE-SU-2013:0645", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:41:47.091Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "SUSE-SU-2013:0850", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"name": "USN-1791-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"name": "oval:org.mitre.oval:def:17150", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"}, {"name": "openSUSE-SU-2013:0630", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"name": "RHSA-2013:1135", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"}, {"name": "58826", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58826"}, {"name": "RHSA-2013:1144", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"name": "openSUSE-SU-2013:0631", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"}, {"name": "SUSE-SU-2013:0645", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-0791", "datePublished": "2013-04-03T10:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:41:47.091Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "85419E17-FAAE-4064-8002-DF3E2144DA94", "versionEndIncluding": "20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "36586226-AE60-4DB6-8F41-CA2A02778F53", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "32AFBEB6-20FD-48E4-A687-630BB4AF45B0", "versionEndExcluding": "3.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8B7351C-3F9C-4A97-83B3-DFEDA4CBB83C", "versionEndExcluding": "2.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FAF5EB6-C191-4FC6-AD19-5BDE3F725B5C", "versionEndExcluding": "17.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE639053-DE2F-49CD-89DC-A1A59B4F51C7", "versionEndExcluding": "17.0.5", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*", "matchCriteriaId": "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate."}, {"lang": "es", "value": "La funci\u00f3n CERT_DecodeCertPackage en Mozilla Network Security Services (NSS), tal como se utiliza en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5, SeaMonkey antes de v2.17, y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fuera del terreno de juego y lectura de corrupci\u00f3n de memoria) a trav\u00e9s de un certificado manipulado."}], "id": "CVE-2013-0791", "lastModified": "2024-10-21T13:55:03.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-03T11:56:21.117", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1135.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1144.html"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-40.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/58826"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1791-1"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=629816"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ambroz Bizjak as the original reporter.", "affected_release": [{"advisory": "RHSA-2013:1135", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nspr-0:4.9.5-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-08-05T00:00:00Z"}, {"advisory": "RHSA-2013:1135", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nss-0:3.14.3-6.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-08-05T00:00:00Z"}, {"advisory": "RHSA-2013:1144", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nspr-0:4.9.5-2.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-08-07T00:00:00Z"}, {"advisory": "RHSA-2013:1144", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-0:3.14.3-4.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-08-07T00:00:00Z"}, {"advisory": "RHSA-2013:1144", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-softokn-0:3.14.3-3.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-08-07T00:00:00Z"}, {"advisory": "RHSA-2013:1144", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-util-0:3.14.3-3.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-08-07T00:00:00Z"}, {"advisory": "RHSA-2013:1181", "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package": "rhev-hypervisor6-0:6.4-20130815.0.el6_4", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2013-08-27T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)", "id": "946947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=946947"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate."], "name": "CVE-2013-0791", "public_date": "2013-04-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0791\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0791\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-40.html"], "threat_severity": "Low"}