CVE-2015-7181

CWE-119 — Buffer Overflow11 documents8 sources

Severity

7.5HIGH

EPSS

5.0%

top 10.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Network Security Services

Timeline

PublishedNov 5

Latest updateMay 17

Description

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/network_security_services3.19.2.0+1

▶NVDmozilla/firefox41.0.2+8

▶Debiannss< 2:3.20.1-1+3

🔴Vulnerability Details

GHSA

GHSA-738m-rm9h-8qh7: The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3↗2022-05-17

▶

OSV

thunderbird vulnerabilities↗2015-12-01

▶

CVEList

CVE-2015-7181: The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3↗2015-11-05

▶

OSV

CVE-2015-7181: The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3↗2015-11-05

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2015-12-01

▶

Ubuntu

NSS vulnerabilities↗2015-11-04

▶

Ubuntu

Firefox vulnerabilities↗2015-11-04

▶

Red Hat

nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)↗2015-11-03

▶

Debian

CVE-2015-7181: nss - The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) bef...↗2015

▶

💬Community

Bugzilla

CVE-2015-7181 nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)↗2015-10-07

▶