CVE-2015-7183

CWE-119 — Buffer Overflow CWE-189 CWE-190 — Integer Overflow10 documents8 sources

Severity

7.5HIGH

EPSS

4.7%

top 10.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Network Security Services

Timeline

PublishedNov 5

Latest updateMay 17

Description

Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/network_security_services3.19.2.0+1

▶NVDmozilla/firefox41.0.2+8

▶Debiannspr< 2:4.10.10-1+3

🔴Vulnerability Details

GHSA

GHSA-v8r8-vg3r-9r36: Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3↗2022-05-17

▶

CVEList

CVE-2015-7183: Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3↗2015-11-05

▶

OSV

CVE-2015-7183: Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3↗2015-11-05

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2015-12-01

▶

Ubuntu

NSPR vulnerability↗2015-11-04

▶

Ubuntu

Firefox vulnerabilities↗2015-11-04

▶

Red Hat

nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)↗2015-11-03

▶

Debian

CVE-2015-7183: nspr - Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Ru...↗2015

▶

💬Community

Bugzilla

CVE-2015-7183 nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)↗2015-10-07

▶