ALT-PU-2017-1885-1
Closed vulnerabilities
Published: 2017-05-11
BDU:2017-01833
Уязвимость набора библиотек Network Security Services, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: HIGH (7.5)
References:
Published: 2017-05-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-5461
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- DSA-3831
- DSA-3831
- DSA-3872
- DSA-3872
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- 98050
- 98050
- 1038320
- 1038320
- RHSA-2017:1100
- RHSA-2017:1100
- RHSA-2017:1101
- RHSA-2017:1101
- RHSA-2017:1102
- RHSA-2017:1102
- RHSA-2017:1103
- RHSA-2017:1103
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
- GLSA-201705-04
- GLSA-201705-04
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
Published: 2017-05-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- DSA-3872
- DSA-3872
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- 98744
- 98744
- 1038579
- 1038579
- RHSA-2017:1364
- RHSA-2017:1364
- RHSA-2017:1365
- RHSA-2017:1365
- RHSA-2017:1567
- RHSA-2017:1567
- RHSA-2017:1712
- RHSA-2017:1712
- https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
- https://hg.mozilla.org/projects/nss/rev/55ea60effd0d