CVE-2014-1498

General

Score: 5.0/10.0
Severity: Medium
Category: Input Validation Error

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

Published on 19/03/14 - Updated on 22/12/16

Description

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability Database CVE-2014-1498
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-133
Mozilla MFSA2014-18
SUSE SUSE-SU-2014:0418
Ubuntu USN-2150-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor             Product
mozilla            firefox
mozilla            seamonkey
opensuse_project   opensuse
oracle             solaris
suse               linux_enterprise_desktop
suse               linux_enterprise_server
suse               linux_enterprise_software_development_kit