CVE-2009-2404: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Network Security Services

Severity: 9.3 CRITICAL (NVD)
EPSS: 21.0% (top 4.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 3; Latest update May 2

Description

Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

Debian: mozilla/nss < 3.12.3-1+3

Patches

Vulnerability Details (3)

GHSA
GHSA-9w79-fpqx-hcfm: Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3... (2022-05-02)
OSV
CVE-2009-2404: Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3... (2009-08-03)
CVEList
CVE-2009-2404: Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3... (2009-08-03)

Vendor Advisories (4)

Ubuntu
NSPR update (2009-08-04)
Ubuntu
NSS vulnerabilities (2009-08-04)
Red Hat
nss regexp heap overflow (2009-07-29)
Debian
CVE-2009-2404: nss - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Sec... (2009)

Community (1)

Bugzilla
CVE-2009-2404 nss regexp heap overflow (2009-07-21)
CVE-2009-2404 — Mozilla vulnerability | cvebase