CVE-2018-18508 — MEDIUM (6.5)

Q: What is CVE-2018-18508?

CVE-2018-18508 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

Q: How severe is CVE-2018-18508?

CVE-2018-18508 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-18508?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Network Security Services, Siemens Ruggedcom Rox Mx5000 Firmware, Siemens Ruggedcom Rox Mx5000, Siemens Ruggedcom Rox Rx1400 Firmware, Siemens Ruggedcom Rox Rx1400.

Vulnerability Description

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mozilla	Network Security Services	< 3.36.7
Siemens	Ruggedcom Rox Mx5000 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Mx5000	-
Siemens	Ruggedcom Rox Rx1400 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1400	-
Siemens	Ruggedcom Rox Rx1500 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1500	-
Siemens	Ruggedcom Rox Rx1501 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1501	-
Siemens	Ruggedcom Rox Rx1510 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1510	-
Siemens	Ruggedcom Rox Rx1511 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1511	-
Siemens	Ruggedcom Rox Rx1512 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1512	-
Siemens	Ruggedcom Rox Rx5000 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx5000	-

Related Weaknesses (CWE)

CWE-476

References

https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfThird Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_releaseRelease NotesVendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_releaseRelease NotesVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04Third Party AdvisoryUS Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfThird Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_releaseRelease NotesVendor Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_releaseRelease NotesVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-18508?

CVE-2018-18508 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

How severe is CVE-2018-18508?

CVE-2018-18508 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18508?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Network Security Services, Siemens Ruggedcom Rox Mx5000 Firmware, Siemens Ruggedcom Rox Mx5000, Siemens Ruggedcom Rox Rx1400 Firmware, Siemens Ruggedcom Rox Rx1400.