{ "schema_version": "1.4.0", "id": "GHSA-f3ww-87xf-9498", "modified": "2022-05-17T00:28:12Z", "published": "2022-05-17T00:28:12Z", "aliases": [ "CVE-2015-7182" ], "details": "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7182" }, { "type": "WEB", "url": "https://bto.bluecoat.com/security-advisory/sa119" }, { "type": "WEB", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1202868" }, { "type": "WEB", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes" }, { "type": "WEB", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes" }, { "type": "WEB", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201512-10" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201605-06" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2015-1980.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2015-1981.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2015/dsa-3393" }, { "type": "WEB", "url": "http://www.debian.org/security/2015/dsa-3410" }, { "type": "WEB", "url": "http://www.debian.org/security/2016/dsa-3688" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-133.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/77416" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/91787" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1034069" }, { "type": "WEB", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2785-1" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2791-1" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2819-1" } ], "database_specific": { "cwe_ids": [ "CWE-119" ], "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2015-11-05T05:59:00Z" } }