CVE-2012-0441

CWE-119 — Buffer Overflow11 documents8 sources

Severity

5.0MEDIUM

EPSS

3.6%

top 12.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Network Security Services Mozilla Seamonkey Mozilla Firefox +2 more

Timeline

PublishedJun 5

Latest updateMay 4

Description

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDmozilla/network_security_services3.12.3+26

▶NVDmozilla/firefox20 versions+19

▶NVDmozilla/thunderbird16 versions+15

▶NVDmozilla/thunderbird_esr5 versions+4

▶NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

GHSA

GHSA-89qc-hqm7-mh22: The ASN↗2022-05-04

▶

OSV

CVE-2012-0441: The ASN↗2012-06-05

▶

CVEList

CVE-2012-0441: The ASN↗2012-06-05

▶

📋Vendor Advisories

Ubuntu

NSS vulnerability↗2012-08-21

▶

Ubuntu

NSS vulnerability↗2012-08-16

▶

Ubuntu

Thunderbird vulnerabilities↗2012-06-27

▶

Ubuntu

Firefox vulnerabilities↗2012-06-06

▶

Red Hat

nss: NSS parsing errors with zero length items↗2012-06-05

▶

💬Community

Bugzilla

CVE-2012-0441 nss: NSS parsing errors with zero length items↗2012-06-03

▶