First published: Thu Oct 13 2022
A vulnerability was found in nss. With this vulnerability, nss client auth crashes when there is no user certificate in the database, which can lead to a segmentation fault or crash.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Network Security Services | <=3.81 | |
redhat/nss | <3.81 | 3.81 |
Mozilla Network Security Services | >=3.77 <3.87 | |
debian/nss | 2:3.61-1+deb11u3 2:3.87.1-1 2:3.105-2 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 | |
CVE-2022-3479 is a vulnerability found in nss where the client auth can crash without a user certificate, leading to a segmentation fault or crash.
CVE-2022-3479 has a severity level of medium.
The software affected by CVE-2022-3479 includes nss versions 2:3.82-1ubuntu0.1, 3.81 (Red Hat), and various versions (2:3.42.1-1+deb10u5, 2:3.42.1-1+deb10u6, 2:3.61-1+deb11u3, 2:3.87.1-1, 2:3.92-1) on Debian.
To fix CVE-2022-3479 on Ubuntu, update the nss package to version 2:3.82-1ubuntu0.1 or later.
You can find more information about CVE-2022-3479 at the following references: [1](https://bugzilla.mozilla.org/show_bug.cgi?id=1774654), [2](https://bugzilla.redhat.com/show_bug.cgi?id=2134331), [3](https://security.gentoo.org/glsa/202212-05).