CVE-2017-11697Improper Restriction of Operations within the Bounds of a Memory Buffer in NSS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 71.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian NSSMsrc Azl3 Mozjs 102.15.1-1 ON Azure Linux 3.0
Timeline
PublishedDec 27
Latest updateMay 13

Description

The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

debiandebian/nss

🔴Vulnerability Details

2
GHSA
GHSA-qc6x-5778-fhxh: The __hash_open function in hash2022-05-13
OSV
CVE-2017-11697: The __hash_open function in hash2017-12-27

📋Vendor Advisories

3
Microsoft
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cer2017-12-12
Red Hat
nss: Floating Point Exception in __hash_open2017-08-09
Debian
CVE-2017-11697: nss - The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS...2017

💬Community

1
Bugzilla
CVE-2017-11697 nss: Floating Point Exception in __hash_open2017-08-31