CVE-2013-5605 — Improper Input Validation in Mozilla Network Security Services

CWE-20 — Improper Input Validation11 documents8 sources

Severity

7.5HIGHNVD

EPSS

2.8%

top 13.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla NSS Mozilla Network Security Services

Timeline

PublishedNov 18

Latest updateMay 14

Description

Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/network_security_services8 versions+7

▶Debianmozilla/nss< 2:3.15.3-1+3

Patches

Patch: developer.mozilla.org ↗Patch: developer.mozilla.org ↗Patch: developer.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-mv87-4w29-5g7x: Mozilla Network Security Services (NSS) 3↗2022-05-14

▶

OSV

CVE-2013-5605: Mozilla Network Security Services (NSS) 3↗2013-11-18

▶

CVEList

CVE-2013-5605: Mozilla Network Security Services (NSS) 3↗2013-11-16

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-11-21

▶

Ubuntu

Firefox vulnerabilities↗2013-11-20

▶

Ubuntu

NSS vulnerabilities↗2013-11-18

▶

Red Hat

nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)↗2013-11-13

▶

Debian

CVE-2013-5605: nss - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15....↗2013

▶

💬Community

Bugzilla

CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws [fedora-all]↗2013-11-19

▶

Bugzilla

CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)↗2013-11-15

▶