1. Home
  2. CVE Database
  3. CVE-2015-7181
HIGH · 7.5

CVE-2015-7181

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other product...

Vulnerability Description

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
MozillaNetwork Security Services<= 3.19.2.0
MozillaFirefox<= 41.0.2

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-7181?

CVE-2015-7181 is a vulnerability with a CVSS score of 7.5 (HIGH). The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other product...

How severe is CVE-2015-7181?

CVE-2015-7181 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7181?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Network Security Services, Mozilla Firefox.