Vulnerability CVE-2014-1569
Published: 2014-12-15

Description:
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mozilla -> Network security services 

 References:
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
http://www.debian.org/security/2015/dsa-3186
http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securitytracker.com/id/1032909
https://bugzilla.mozilla.org/show_bug.cgi?id=1064670
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes
https://www.imperialviolet.org/2014/09/26/pkcs1.html
https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02
Copyright 2024, cxsecurity.com

 

Back to Top