CVE-2017-5461

CWE-787Out-of-bounds Write14 documents9 sources
Severity
9.8CRITICAL
EPSS
0.9%
top 23.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedMay 11
Latest updateMay 13

Description

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

NVDmozilla/network_security_services3.293.29.5+3
CVEListV5mozilla/firefoxunspecified53
CVEListV5mozilla/firefox_esrunspecified45.9+1
CVEListV5mozilla/thunderbirdunspecified52.1
Debiannss< 2:3.26.2-1.1+3

Patches

Patch: www.debian.orgPatch: www.debian.orgPatch: www.oracle.com

🔴Vulnerability Details

5
GHSA
GHSA-f438-mjv4-rwx8: Mozilla Network Security Services (NSS) before 32022-05-13
OSV
thunderbird vulnerabilities2017-05-16
CVEList
CVE-2017-5461: Mozilla Network Security Services (NSS) before 32017-05-11
OSV
CVE-2017-5461: Mozilla Network Security Services (NSS) before 32017-05-11
OSV
nss vulnerabilities2017-04-27

📋Vendor Advisories

7
Oracle
Oracle Oracle Systems Risk Matrix: XCP Firmware (NSS) — CVE-2017-54612021-07-15
Ubuntu
NSS vulnerability2017-07-31
Ubuntu
Thunderbird vulnerabilities2017-05-16
Ubuntu
NSS vulnerabilities2017-04-27
Ubuntu
Firefox vulnerabilities2017-04-21

💬Community

1
Bugzilla
CVE-2017-5461 nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)2017-04-07