[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2020-1355 --- nss, nspr

ID: oval:org.secpod.oval:def:1601120Date: (C)2020-03-20   (M)2023-11-10
Class: PATCHFamily: unix




A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application . While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack and affects all NSS versions prior to NSS 3.41. Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR CVE-2019-11729 (CVE-2018-0495

Platform:
Amazon Linux AMI
Product:
nss
nspr
Reference:
ALAS-2020-1355
CVE-2018-0495
CVE-2019-11745
CVE-2018-12404
CVE-2019-11729
CVE    4
CVE-2018-12404
CVE-2018-0495
CVE-2019-11729
CVE-2019-11745
...

© SecPod Technologies