CVE-2014-1568

CWE-310CWE-347CWE-287Improper Authentication13 documents8 sources
Severity
7.5HIGH
EPSS
30.9%
top 3.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeMozilla FirefoxMozilla Network Security Services+3 more
Timeline
PublishedSep 25
Latest updateMay 17

Description

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attacke

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

NVDmozilla/firefox32.0+4
NVDmozilla/seamonkey2.29+77
NVDmozilla/thunderbird24.8.0+3

🔴Vulnerability Details

3
GHSA
GHSA-7399-wc2p-9q6p: Mozilla Network Security Services (NSS) before 32022-05-17
OSV
CVE-2014-1568: Mozilla Network Security Services (NSS) before 32014-09-25
CVEList
CVE-2014-1568: Mozilla Network Security Services (NSS) before 32014-09-25

📋Vendor Advisories

6
Red Hat
strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c2018-09-24
Ubuntu
NSS vulnerability2014-09-24
Ubuntu
Firefox vulnerabilities2014-09-24
Ubuntu
Thunderbird vulnerabilities2014-09-24
Red Hat
nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)2014-09-24

💬Community

3
Bugzilla
CVE-2018-16152 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c2018-10-03
Bugzilla
CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73) [fedora-all]2014-09-25
Bugzilla
CVE-2014-1568 nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)2014-09-23
CVE-2014-1568 (HIGH CVSS 7.5) | Mozilla Network Security Services ( | cvebase.io