CVE-2013-5607

CWE-18911 documents8 sources

Severity

7.5HIGH

EPSS

1.6%

top 18.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Netscape Portable Runtime Mozilla Seamonkey

Timeline

PublishedNov 20

Latest updateMay 14

Description

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDmozilla/netscape_portable_runtime4.10.1+40

▶NVDmozilla/firefox25.0+23

▶NVDmozilla/seamonkey2.22+38

▶Debiannspr< 2:4.10.2-1+3

🔴Vulnerability Details

GHSA

GHSA-3xqp-xvq8-m5hr: Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4↗2022-05-14

▶

CVEList

CVE-2013-5607: Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4↗2013-11-20

▶

OSV

CVE-2013-5607: Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4↗2013-11-20

▶

📋Vendor Advisories

Ubuntu

NSPR vulnerability↗2014-01-23

▶

Ubuntu

Thunderbird vulnerabilities↗2013-11-21

▶

Ubuntu

Firefox vulnerabilities↗2013-11-20

▶

Red Hat

nspr: Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103)↗2013-11-19

▶

Debian

CVE-2013-5607: nspr - Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable R...↗2013

▶

💬Community

Bugzilla

CVE-2013-5607 nspr: Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103) [fedora-all]↗2013-11-19

▶

Bugzilla

CVE-2013-5607 nspr: Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103)↗2013-11-18

▶