---

CVE-2017-5461 - log back

CVE-2017-5461 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. + An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. The issue has been fixed in releases 3.29.5 and 3.30.1.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461 + https://bugzilla.mozilla.org/show_bug.cgi?id=1344380 + https://hg.mozilla.org/projects/nss/rev/ac34db053672
Notes