{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "1034069", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034069"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"name": "DSA-3688", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3688"}, {"name": "DSA-3410", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3410"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"}, {"name": "GLSA-201512-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201512-10"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "SUSE-SU-2015:1981", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"name": "openSUSE-SU-2015:2229", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"name": "USN-2785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"name": "USN-2791-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2791-1"}, {"name": "SUSE-SU-2015:1926", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1981", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"name": "USN-2819-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91787"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"name": "openSUSE-SU-2015:1942", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"name": "RHSA-2015:1980", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"name": "DSA-3393", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3393"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"name": "77416", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77416"}, {"name": "openSUSE-SU-2015:2245", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "SSA:2015-310-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"name": "SUSE-SU-2015:1978", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2015-7181", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "1034069", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034069"}, {"name": "https://bto.bluecoat.com/security-advisory/sa119", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"name": "DSA-3688", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3688"}, {"name": "DSA-3410", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3410"}, {"name": "SUSE-SU-2015:2081", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"}, {"name": "GLSA-201512-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201512-10"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "SUSE-SU-2015:1981", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"name": "openSUSE-SU-2015:2229", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes", "refsource": "CONFIRM", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"name": "USN-2785-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"name": "USN-2791-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2791-1"}, {"name": "SUSE-SU-2015:1926", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1981", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"name": "USN-2819-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91787"}, {"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes", "refsource": "CONFIRM", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"name": "openSUSE-SU-2015:1942", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"name": "RHSA-2015:1980", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"name": "DSA-3393", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3393"}, {"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes", "refsource": "CONFIRM", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"name": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"name": "77416", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77416"}, {"name": "openSUSE-SU-2015:2245", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"name": "GLSA-201605-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "SSA:2015-310-02", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"name": "SUSE-SU-2015:1978", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:43:44.897Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "1034069", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034069"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"name": "DSA-3688", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3688"}, {"name": "DSA-3410", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3410"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"}, {"name": "GLSA-201512-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-10"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "SUSE-SU-2015:1981", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"name": "openSUSE-SU-2015:2229", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"name": "USN-2785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"name": "USN-2791-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2791-1"}, {"name": "SUSE-SU-2015:1926", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1981", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"name": "USN-2819-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"name": "openSUSE-SU-2015:1942", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"name": "RHSA-2015:1980", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"name": "DSA-3393", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3393"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"name": "77416", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77416"}, {"name": "openSUSE-SU-2015:2245", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "SSA:2015-310-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"name": "SUSE-SU-2015:1978", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2015-7181", "datePublished": "2015-11-05T02:00:00", "dateReserved": "2015-09-16T00:00:00", "dateUpdated": "2024-08-06T07:43:44.897Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "39EA735D-20A8-4595-BFF8-7B1F5A32CDA2", "versionEndIncluding": "3.19.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "95762E75-6DEC-4B1C-87B4-A4EA1937B710", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "A741F21D-4095-47E0-AAB4-DDBDAAC5BAB1", "versionEndIncluding": "41.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "818D58B7-3BA2-4CE5-9D9A-65F5B24AB6D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F5442BB-3E3F-4E91-B76B-6B379B47E2BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FF3D499-08B8-4180-86C8-A38609D8938B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue."}, {"lang": "es", "value": "La funci\u00f3n sec_asn1d_parse_leaf en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, restringe el acceso de manera incorrecta a una estructura de datos no especificada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos OCTET STRING manipulados, relacionado con un problema 'use-after-poison'."}], "id": "CVE-2015-7181", "lastModified": "2017-11-04T01:29:08.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-05T05:59:05.603", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"source": "security@mozilla.org", "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3393"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3410"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2016/dsa-3688"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/77416"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/91787"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1034069"}, {"source": "security@mozilla.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2791-1"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"source": "security@mozilla.org", "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201512-10"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:1980", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nspr-0:4.10.8-2.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1980", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nss-0:3.19.1-2.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nspr-0:4.10.8-2.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-0:3.19.1-5.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-util-0:3.19.1-2.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "nspr-0:4.8.9-6.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "nss-0:3.13.1-12.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "nss-util-0:3.13.1-9.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "nspr-0:4.9.5-5.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "nss-0:3.14.3-9.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "nss-util-0:3.14.3-7.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "nspr-0:4.10.6-2.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "nss-0:3.16.1-9.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "nss-util-0:3.16.1-3.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "nspr-0:4.10.8-2.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "nss-0:3.19.1-4.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "nss-util-0:3.19.1-2.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nspr-0:4.10.8-2.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-0:3.19.1-7.ael7b_1.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-util-0:3.19.1-4.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-04T00:00:00Z"}], "bugzilla": {"description": "nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)", "id": "1269345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269345"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue.", "A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library."], "name": "CVE-2015-7181", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 4"}], "public_date": "2015-11-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7181\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7181\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"], "threat_severity": "Critical", "upstream_fix": "nss 3.19.2.1, nss 3.19.4, nss 3.20.1"}