CVE-2017-5461 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. The issue has been fixed in releases 3.29.5 and 3.30.1. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-249 | firefox | 52.0.2-1 | 53.0-1 | Critical | Fixed | |
| AVG-248 | lib32-nss | 3.27.1-1 | 3.30.2-1 | Critical | Fixed | |
| AVG-247 | nss | 3.30-1 | 3.30.1-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 29 May 2017 | ASA-201705-21 | AVG-248 | lib32-nss | Critical | arbitrary code execution |
| 21 Apr 2017 | ASA-201704-6 | AVG-249 | firefox | Critical | multiple issues |
| 20 Apr 2017 | ASA-201704-4 | AVG-247 | nss | Critical | arbitrary code execution |
| References |
|---|
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461 https://bugzilla.mozilla.org/show_bug.cgi?id=1344380 https://hg.mozilla.org/projects/nss/rev/ac34db053672 |