{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-19T16:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "1034069", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034069"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "GLSA-201512-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201512-10"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "SUSE-SU-2015:1981", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"}, {"name": "DSA-3406", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3406"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "openSUSE-SU-2015:2229", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"name": "USN-2785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"name": "SUSE-SU-2015:1926", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1981", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"name": "USN-2819-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"name": "77415", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77415"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91787"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"name": "openSUSE-SU-2015:1942", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"name": "RHSA-2015:1980", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"name": "USN-2790-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2790-1"}, {"name": "DSA-3393", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3393"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"name": "openSUSE-SU-2015:2245", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "SSA:2015-310-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"name": "SUSE-SU-2015:1978", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2015-7183", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "1034069", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034069"}, {"name": "https://bto.bluecoat.com/security-advisory/sa119", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"name": "SUSE-SU-2015:2081", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "GLSA-201512-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201512-10"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "SUSE-SU-2015:1981", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"}, {"name": "DSA-3406", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3406"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "openSUSE-SU-2015:2229", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes", "refsource": "CONFIRM", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"name": "USN-2785-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"name": "SUSE-SU-2015:1926", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1981", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"name": "USN-2819-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"name": "77415", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77415"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91787"}, {"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes", "refsource": "CONFIRM", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"name": "openSUSE-SU-2015:1942", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"name": "RHSA-2015:1980", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"name": "USN-2790-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2790-1"}, {"name": "DSA-3393", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3393"}, {"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes", "refsource": "CONFIRM", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"name": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"name": "openSUSE-SU-2015:2245", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"name": "GLSA-201605-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "SSA:2015-310-02", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"name": "SUSE-SU-2015:1978", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:43:44.947Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "1034069", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034069"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"name": "SUSE-SU-2015:2081", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"name": "GLSA-201512-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-10"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "SUSE-SU-2015:1981", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"}, {"name": "DSA-3406", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3406"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"name": "openSUSE-SU-2015:2229", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"name": "USN-2785-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"name": "SUSE-SU-2015:1926", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "RHSA-2015:1981", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"name": "USN-2819-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"name": "77415", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77415"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"name": "openSUSE-SU-2015:1942", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"name": "RHSA-2015:1980", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"name": "USN-2790-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2790-1"}, {"name": "DSA-3393", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3393"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"name": "openSUSE-SU-2015:2245", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"name": "GLSA-201605-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201605-06"}, {"name": "SSA:2015-310-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"name": "SUSE-SU-2015:1978", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2015-7183", "datePublished": "2015-11-05T02:00:00", "dateReserved": "2015-09-16T00:00:00", "dateUpdated": "2024-08-06T07:43:44.947Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "A741F21D-4095-47E0-AAB4-DDBDAAC5BAB1", "versionEndIncluding": "41.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "39EA735D-20A8-4595-BFF8-7B1F5A32CDA2", "versionEndIncluding": "3.19.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "95762E75-6DEC-4B1C-87B4-A4EA1937B710", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "332589F6-C6DB-4204-97FA-B60105BBF146", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A04D6EAE-C709-4752-976E-DB15EE6E85B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE52B8E3-3BA8-46DB-948E-958739FE91B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "818D58B7-3BA2-4CE5-9D9A-65F5B24AB6D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B50189A6-C058-46EA-9BE8-9D01E304D518", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F5442BB-3E3F-4E91-B76B-6B379B47E2BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FF3D499-08B8-4180-86C8-A38609D8938B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de entero en la implementaci\u00f3n de PL_ARENA_ALLOCATE en Netscape Portable Runtime (NSPR) en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-7183", "lastModified": "2017-10-20T01:29:07.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-05T05:59:07.883", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"}, {"source": "security@mozilla.org", "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3393"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2015/dsa-3406"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/77415"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/91787"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1034069"}, {"source": "security@mozilla.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2785-1"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2790-1"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-2819-1"}, {"source": "security@mozilla.org", "url": "https://bto.bluecoat.com/security-advisory/sa119"}, {"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205157"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201512-10"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201605-06"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ryan Sleevi as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:1980", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nspr-0:4.10.8-2.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1980", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nss-0:3.19.1-2.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nspr-0:4.10.8-2.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-0:3.19.1-5.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "nss-util-0:3.19.1-2.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "nspr-0:4.8.9-6.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "nss-0:3.13.1-12.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "nss-util-0:3.13.1-9.el6_2", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "nspr-0:4.9.5-5.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "nss-0:3.14.3-9.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "nss-util-0:3.14.3-7.el6_4", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "nspr-0:4.10.6-2.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "nss-0:3.16.1-9.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "nss-util-0:3.16.1-3.el6_5", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "nspr-0:4.10.8-2.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "nss-0:3.19.1-4.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:2068", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "nss-util-0:3.19.1-2.el6_6", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2015-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nspr-0:4.10.8-2.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-0:3.19.1-7.ael7b_1.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-04T00:00:00Z"}, {"advisory": "RHSA-2015:1981", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-util-0:3.19.1-4.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-04T00:00:00Z"}], "bugzilla": {"description": "nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)", "id": "1269353", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269353"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.", "A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library."], "name": "CVE-2015-7183", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "nspr", "product_name": "Red Hat Enterprise Linux 4"}], "public_date": "2015-11-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7183\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7183\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"], "threat_severity": "Critical", "upstream_fix": "nspr 4.10.10"}