fkie_cve-2013-1739
Vulnerability from fkie_nvd
Published
2013-10-22 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | network_security_services | * | |
| mozilla | network_security_services | 3.12 | |
| mozilla | network_security_services | 3.12.1 | |
| mozilla | network_security_services | 3.12.2 | |
| mozilla | network_security_services | 3.12.3 | |
| mozilla | network_security_services | 3.12.3.1 | |
| mozilla | network_security_services | 3.12.3.2 | |
| mozilla | network_security_services | 3.12.4 | |
| mozilla | network_security_services | 3.12.5 | |
| mozilla | network_security_services | 3.12.6 | |
| mozilla | network_security_services | 3.12.7 | |
| mozilla | network_security_services | 3.12.8 | |
| mozilla | network_security_services | 3.12.9 | |
| mozilla | network_security_services | 3.12.10 | |
| mozilla | network_security_services | 3.12.11 | |
| mozilla | network_security_services | 3.14 | |
| mozilla | network_security_services | 3.14.1 | |
| mozilla | network_security_services | 3.14.2 | |
| mozilla | network_security_services | 3.14.3 | |
| mozilla | network_security_services | 3.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6943F8E-784B-4CCD-82E3-B5A439C43C07",
"versionEndIncluding": "3.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "601788BD-8B31-417F-AE7D-BE8E4107C1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06A99645-6A81-40C3-B46F-3D1ABF00EF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBCB20B-A367-485F-9115-04EABBE69C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E38E21D-23A9-4D0D-B45B-AF019CD448F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "33955B7C-ABA0-49E3-BEF8-AD29FD31DA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C5B25D-E039-427D-8655-FD6BB9302793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E3FD4C-57C7-49CC-B970-18FE767A5ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE6B5A1-2E92-427A-810F-0139632F4410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "548E3AAC-3628-4CA4-98CF-7F3724F4355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39AD87-3C6C-4B2F-AC3C-84FDBE184440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure."
},
{
"lang": "es",
"value": "Mozilla Network Security Services (NSS) en versiones anteriores a 3.15.2 no asegura que las estructuras de datos est\u00e9n inicializadas antes de las operaciones de lectura, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores que desencadenan un fallo de descifrado."
}
],
"id": "CVE-2013-1739",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-22T22:55:04.237",
"references": [
{
"source": "security@mozilla.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html"
},
{
"source": "security@mozilla.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "security@mozilla.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "security@mozilla.org",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "security@mozilla.org",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "security@mozilla.org",
"url": "http://www.debian.org/security/2013/dsa-2790"
},
{
"source": "security@mozilla.org",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "security@mozilla.org",
"url": "http://www.securityfocus.com/bid/62966"
},
{
"source": "security@mozilla.org",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "security@mozilla.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370"
},
{
"source": "security@mozilla.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes"
},
{
"source": "security@mozilla.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1791.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2030-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=894370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19254"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…