First published: Sat Nov 23 2019
Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a heap-based buffer overflow caused by improper bounds checking when using certain cryptographic primitives. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nspr | <0:4.25.0-2.el7_9 | 0:4.25.0-2.el7_9 |
redhat/nss | <0:3.53.1-3.el7_9 | 0:3.53.1-3.el7_9 |
redhat/nss-softokn | <0:3.53.1-6.el7_9 | 0:3.53.1-6.el7_9 |
redhat/nss-util | <0:3.53.1-1.el7_9 | 0:3.53.1-1.el7_9 |
redhat/nss-softokn | <0:3.28.3-10.el7_4 | 0:3.28.3-10.el7_4 |
redhat/nss | <0:3.36.0-9.el7_6 | 0:3.36.0-9.el7_6 |
redhat/nss-softokn | <0:3.36.0-7.el7_6 | 0:3.36.0-7.el7_6 |
redhat/nss-softokn | <0:3.44.0-9.el7_7 | 0:3.44.0-9.el7_7 |
redhat/nspr | <0:4.25.0-2.el8_2 | 0:4.25.0-2.el8_2 |
redhat/nss | <0:3.53.1-11.el8_2 | 0:3.53.1-11.el8_2 |
debian/nss | 2:3.42.1-1+deb10u5 2:3.42.1-1+deb10u7 2:3.61-1+deb11u3 2:3.87.1-1 2:3.96.1-1 | |
redhat/nss | <3.46 | 3.46 |
IBM Security Guardium | <=10.5 | |
IBM Security Guardium | <=10.6 | |
IBM Security Guardium | <=11.0 | |
IBM Security Guardium | <=11.1 | |
IBM Security Guardium | <=11.2 | |
IBM Security Guardium | <=11.3 | |
IBM Security Guardium | <=11.4 | |
Siemens RUGGEDCOM ROX MX5000 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1400 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1500 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1501 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1510 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX1511 | <2.14.0 | 2.14.0 |
Siemens RUGGEDCOM ROX RX500 | <2.14.0 | 2.14.0 |
Siemens Ruggedcom Rox Mx5000 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX MX5000 | ||
Siemens Ruggedcom Rox Rx1400 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1400 | ||
Siemens Ruggedcom Rox Rx1500 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1500 | ||
Siemens Ruggedcom Rox Rx1501 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1501 | ||
Siemens Ruggedcom Rox Rx1510 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1510 | ||
Siemens Ruggedcom Rox Rx1511 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1511 | ||
Siemens Ruggedcom Rox Rx1512 Firmware | <2.14.0 | |
Siemens RUGGEDCOM ROX RX1512 | ||
Siemens Ruggedcom Rox Rx5000 Firmware | <2.14.0 | |
Siemens Ruggedcom Rox Rx5000 | ||
Mozilla Network Security Services | <3.46 | |
Netapp Hci Management Node | ||
Netapp Solidfire | ||
Netapp Hci Compute Node | ||
Netapp Hci Storage Node | ||
CVE-2019-17006 refers to a vulnerability in Mozilla Network Security Services (NSS) that allows a remote attacker to execute arbitrary code through a heap-based buffer overflow.
CVE-2019-17006 has a severity value of 9.8, which is considered critical.
CVE-2019-17006 affects Mozilla Firefox through the vulnerable Network Security Services (NSS) component.
To fix CVE-2019-17006, update to Network Security Services (NSS) version 3.46 or higher.
More information about CVE-2019-17006 can be found in the Mozilla NSS release notes, Red Hat Bugzilla, and the Red Hat security advisory.