1. Home
  2. CVE Database
  3. CVE-2015-7182
CRITICAL · 9.8

CVE-2015-7182

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and...

Vulnerability Description

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
OracleTraffic Director11.1.1.7.0
OracleOpensso3.0-0.7
OracleIplanet Web Proxy Server4.0
MozillaFirefox38.0
OracleGlassfish Server2.1.1
MozillaNetwork Security Services<= 3.19.2.0
OracleIplanet Web Server7.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-7182?

CVE-2015-7182 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and...

How severe is CVE-2015-7182?

CVE-2015-7182 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-7182?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Traffic Director, Oracle Opensso, Oracle Iplanet Web Proxy Server, Mozilla Firefox, Oracle Glassfish Server.