ALAS-2017-825

Metadata

high
7.5
nss, nss-util
CVE-2017-5461
2017-04-27
2017-06-16 19:22
v3.4/main/nss-3.23-r1
CVE-2017-5461 nss
CVE-2017-5461 firefox-esr
CVE-2017-5461 firefox
CVE-2017-5461
2017-04-27 21:03

Description

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461 )Upstream acknowledges Ronald Crane as the original reporter.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
nss nss-3.28.4-1.0.78.amzn1.src
nss nss-3.28.4-1.0.78.amzn1.x86_64
nss nss-3.28.4-1.0.78.amzn1.i686
nss-debuginfo nss-debuginfo-3.28.4-1.0.78.amzn1.i686
nss-debuginfo nss-debuginfo-3.28.4-1.0.78.amzn1.x86_64
nss-devel nss-devel-3.28.4-1.0.78.amzn1.x86_64
nss-devel nss-devel-3.28.4-1.0.78.amzn1.i686
nss-pkcs11-devel nss-pkcs11-devel-3.28.4-1.0.78.amzn1.x86_64
nss-pkcs11-devel nss-pkcs11-devel-3.28.4-1.0.78.amzn1.i686
nss-sysinit nss-sysinit-3.28.4-1.0.78.amzn1.x86_64
nss-sysinit nss-sysinit-3.28.4-1.0.78.amzn1.i686
nss-tools nss-tools-3.28.4-1.0.78.amzn1.i686
nss-tools nss-tools-3.28.4-1.0.78.amzn1.x86_64
nss-util nss-util-3.28.4-1.0.52.amzn1.x86_64
nss-util nss-util-3.28.4-1.0.52.amzn1.src
nss-util nss-util-3.28.4-1.0.52.amzn1.i686
nss-util-debuginfo nss-util-debuginfo-3.28.4-1.0.52.amzn1.x86_64
nss-util-debuginfo nss-util-debuginfo-3.28.4-1.0.52.amzn1.i686
nss-util-devel nss-util-devel-3.28.4-1.0.52.amzn1.i686
nss-util-devel nss-util-devel-3.28.4-1.0.52.amzn1.x86_64