Home

CVE-2017-5461

Description

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.925

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (53.0)Windows
Update for Mozilla Firefox x64 (53.0)Windows
Update for Mozilla Firefox ESR (52.1.0)Windows
Update for Mozilla Firefox ESR x64 (52.1.0)Windows
Update for Mozilla Thunderbird (52.1.0)Windows
Update for Mozilla Firefox (53.0.2)Windows
Update for Mozilla Firefox x64 (53.0.2)Windows
Update for Mozilla Firefox ESR (52.1.1)Windows
Update for Mozilla Firefox ESR x64 (52.1.1)Windows
Update for Mozilla Thunderbird (52.1.1)Windows
Update for Mozilla Firefox ESR (52.1.2)Windows
Update for Mozilla Firefox ESR x64 (52.1.2)Windows
Update for Mozilla Firefox (53.0.3)Windows
Update for Mozilla Firefox x64 (53.0.3)Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (53.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (53.0.2)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (53.0.3)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (52.1.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (52.1.1)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 45.9Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.1Mac
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.14.04.1_i386.debLinux
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.14.04.1_amd64.debLinux
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.16.04.1_i386.debLinux
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.16.04.1_amd64.debLinux
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.16.10.1_i386.debLinux
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.16.10.1_amd64.debLinux
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.17.04.1_i386.debLinux
Network Security Service library (USN-3270-1) libnss3_3.28.4-0ubuntu0.17.04.1_amd64.debLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-3.13.1-11.el6_2.i686.rpmLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-3.13.1-11.el6_2.x86_64.rpmLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-3.21.4-1.el7_2.i686.rpmLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-3.21.4-1.el7_2.x86_64.rpmLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-devel-3.13.1-11.el6_2.i686.rpmLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-devel-3.13.1-11.el6_2.x86_64.rpmLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-devel-3.21.4-1.el7_2.i686.rpmLinux
(RHSA-2017:1102) Critical: nss-util security update nss-util-devel-3.21.4-1.el7_2.x86_64.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-3.14.3-11.el5_9.i386.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-3.14.3-11.el5_9.x86_64.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-devel-3.14.3-11.el5_9.i386.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-devel-3.14.3-11.el5_9.x86_64.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-pkcs11-devel-3.14.3-11.el5_9.i386.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-pkcs11-devel-3.14.3-11.el5_9.x86_64.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-tools-3.14.3-11.el5_9.i386.rpmLinux
(RHSA-2017:1103) Critical: nss security update nss-tools-3.14.3-11.el5_9.x86_64.rpmLinux
(RHSA-2017:1100) nss and nss-util security update nss-util-3.28.4-1.el6_9.i686.rpmLinux
(RHSA-2017:1100) nss and nss-util security update nss-util-3.28.4-1.el6_9.x86_64.rpmLinux
(RHSA-2017:1100) nss and nss-util security update nss-util-devel-3.28.4-1.el6_9.i686.rpmLinux
(RHSA-2017:1100) nss and nss-util security update nss-util-devel-3.28.4-1.el6_9.x86_64.rpmLinux
(RHSA-2017:1101) nss security update nss-3.21.4-1.el5_11.i386.rpmLinux
(RHSA-2017:1101) nss security update nss-3.21.4-1.el5_11.x86_64.rpmLinux
(RHSA-2017:1101) nss security update nss-devel-3.21.4-1.el5_11.i386.rpmLinux
(RHSA-2017:1101) nss security update nss-devel-3.21.4-1.el5_11.x86_64.rpmLinux
(RHSA-2017:1101) nss security update nss-pkcs11-devel-3.21.4-1.el5_11.i386.rpmLinux
(RHSA-2017:1101) nss security update nss-pkcs11-devel-3.21.4-1.el5_11.x86_64.rpmLinux
(RHSA-2017:1101) nss security update nss-tools-3.21.4-1.el5_11.i386.rpmLinux
(RHSA-2017:1101) nss security update nss-tools-3.21.4-1.el5_11.x86_64.rpmLinux
Out-of-bounds Write Vulnerability (CVE-2017-5461)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-305607Update for Mozilla Firefox (53.0)
PATCH-305608Update for Mozilla Firefox x64 (53.0)
PATCH-305615Update for Mozilla Firefox ESR (52.1.0)
PATCH-305616Update for Mozilla Firefox ESR x64 (52.1.0)
PATCH-305667Update for Mozilla Thunderbird (52.1.0)
PATCH-305694Update for Mozilla Firefox (53.0.2)
PATCH-305695Update for Mozilla Firefox x64 (53.0.2)
PATCH-305697Update for Mozilla Firefox ESR (52.1.1)
PATCH-305698Update for Mozilla Firefox ESR x64 (52.1.1)
PATCH-305744Update for Mozilla Thunderbird (52.1.1)
PATCH-305773Update for Mozilla Firefox ESR (52.1.2)
PATCH-305774Update for Mozilla Firefox ESR x64 (52.1.2)
PATCH-305776Update for Mozilla Firefox (53.0.3)
PATCH-305777Update for Mozilla Firefox x64 (53.0.3)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-612783Mozilla Firefox For Mac (145.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234