First published: Thu Nov 21 2019(Updated: )
A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nss-softokn | <0:3.44.0-6.el6_10 | 0:3.44.0-6.el6_10 |
redhat/nss-softokn | <0:3.14.3-23.el6_6 | 0:3.14.3-23.el6_6 |
redhat/nss | <0:3.44.0-7.el7_7 | 0:3.44.0-7.el7_7 |
redhat/nss-softokn | <0:3.44.0-8.el7_7 | 0:3.44.0-8.el7_7 |
redhat/nss-util | <0:3.44.0-4.el7_7 | 0:3.44.0-4.el7_7 |
redhat/nss-softokn | <0:3.28.3-9.el7_4 | 0:3.28.3-9.el7_4 |
redhat/nss-softokn | <0:3.36.0-6.el7_5 | 0:3.36.0-6.el7_5 |
redhat/nss-softokn | <0:3.36.0-6.el7_6 | 0:3.36.0-6.el7_6 |
redhat/nss | <0:3.44.0-9.el8_1 | 0:3.44.0-9.el8_1 |
redhat/nss | <0:3.44.0-8.el8_0 | 0:3.44.0-8.el8_0 |
Mozilla Thunderbird | <68.3 | 68.3 |
Mozilla Firefox ESR | <68.3 | 68.3 |
redhat/nss | <3.44.3 | 3.44.3 |
redhat/nss | <3.47.1 | 3.47.1 |
Mozilla Firefox | <71 | 71 |
Siemens RUGGEDCOM ROX MX5000 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1400 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1500 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1501 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1510 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1511 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX500 | <2.14.0 | 2.14.0 |
Mozilla Firefox | <71.0 | |
Mozilla Firefox ESR | <68.3 | |
Mozilla Thunderbird | <68.3.0 | |
openSUSE Leap | =15.1 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Debian Debian Linux | =9.0 | |
Redhat Enterprise Linux Server Aus | =6.6 | |
Siemens Ruggedcom Rox Mx5000 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX MX5000 | ||
Siemens Ruggedcom Rox Rx1400 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1400 | ||
Siemens Ruggedcom Rox Rx1500 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1500 | ||
Siemens Ruggedcom Rox Rx1501 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1501 | ||
Siemens Ruggedcom Rox Rx1510 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1510 | ||
Siemens Ruggedcom Rox Rx1511 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1511 | ||
Siemens Ruggedcom Rox Rx1512 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1512 | ||
Siemens Ruggedcom Rox Rx5000 Firmware | <2.14.0 | |
Siemens Ruggedcom Rox Rx5000 | ||
debian/nss | 2:3.61-1+deb11u3 2:3.61-1+deb11u4 2:3.87.1-1 2:3.87.1-1+deb12u1 2:3.106-1 | |
All of | ||
Siemens Ruggedcom Rox Mx5000 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX MX5000 | ||
All of | ||
Siemens Ruggedcom Rox Rx1400 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1400 | ||
All of | ||
Siemens Ruggedcom Rox Rx1500 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1500 | ||
All of | ||
Siemens Ruggedcom Rox Rx1501 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1501 | ||
All of | ||
Siemens Ruggedcom Rox Rx1510 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1510 | ||
All of | ||
Siemens Ruggedcom Rox Rx1511 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1511 | ||
All of | ||
Siemens Ruggedcom Rox Rx1512 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1512 | ||
All of | ||
Siemens Ruggedcom Rox Rx5000 Firmware | <2.14.0 | |
Siemens Ruggedcom Rox Rx5000 | ||
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)