CVE-2022-3479 — Mozilla Network Security Services vulnerability

12 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 58.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla NSS Mozilla Network Security Services

Timeline

PublishedOct 14

Latest updateJan 15

Description

A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDmozilla/network_security_services3.77 — 3.87

▶Debianmozilla/nss< 2:3.87-1+2

▶Ubuntumozilla/nss< 2:3.35-2ubuntu2.16+2

▶CVEListV5mozilla/nss3.81

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

OSV

nss vulnerabilities↗2023-02-27

▶

GHSA

GHSA-6275-5f4x-m3m3: A vulnerability found in nss↗2022-10-14

▶

CVEList

CVE-2022-3479: A vulnerability found in nss↗2022-10-14

▶

OSV

CVE-2022-3479: A vulnerability found in nss↗2022-10-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle JD Edwards Risk Matrix: Enterprise Infrastructure SEC (NSS) — CVE-2022-3479↗2024-01-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Security (NSS) — CVE-2022-3479↗2023-07-15

▶

Oracle

Oracle Oracle HealthCare Applications Risk Matrix: DataStudio (NSS) — CVE-2022-3479↗2023-04-15

▶

Ubuntu

NSS vulnerabilities↗2023-02-27

▶

Red Hat

nss: nss client auth crash without a user certificate in the database↗2022-06-16

▶