CVE-2013-0791

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Buffer Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2012-1942, CVE-2012-2372, CVE-2012-3552, CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0792, CVE-2013-0793, CVE-2013-0794, CVE-2013-0795, CVE-2013-0796, CVE-2013-0797, CVE-2013-0798, CVE-2013-0799, CVE-2013-0800, CVE-2013-0801, CVE-2013-1620, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1672, CVE-2013-1673, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1697, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237

Published on 03/04/13 - Updated on 19/09/17

Description

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2013-0791
Amazon Linux ALAS-2013-216, ALAS-2013-217
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2013-AVI-214, CERTA-2013-AVI-215, CERTA-2013-AVI-657, CERTFR-2014-AVI-480, CERTFR-2016-AVI-344
CentOS CESA-2013:1135, CESA-2013:1144
Mozilla MFSA2013-40
Redhat RHSA-2013:1135, RHSA-2013:1144
Renater 2013/VULN535
SUSE SUSE-SU-2013:0645, SUSE-SU-2013:0842, SUSE-SU-2013:0850, SUSE-SU-2013:1152
Ubuntu USN-1786-1, USN-1786-2, USN-1791-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
mozillafirefox
mozillafirefox_esr
mozillanetwork_security_services
mozillaseamonkey
mozillathunderbird
mozillathunderbird_esr

Share this vulnerability with:

Twitter Facebook LinkedIn Mail